Splunk® Phantom

Use Splunk Phantom

Download manual as PDF

Download topic as PDF

Overview of cases

Containers can be promoted to cases. You can use cases to consolidate information from multiple containers. Cases have phases and tasks, which are organized into workbooks to track and manage all the actions taken. Tasks can have playbooks and actions associated with them, allowing you to automate these actions. Automating actions allows Splunk Phantom to be used to track policy and compliance, and to fulfill documentation requirements.

Last modified on 15 January, 2020
PREVIOUS
View or edit the Python code in Splunk Phantom playbooks
  NEXT
Create cases in Splunk Phantom

This documentation applies to the following versions of Splunk® Phantom: 4.8, 4.9


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters