Skip to main content
Splunk® Phantom (Legacy)

Use Splunk Phantom

Splunk® Phantom (Legacy)
4.9

Use the Splunk Mobile app for Splunk Phantom (Legacy)

Use the Splunk Mobile App to view and respond to notifications, view dashboards, view event details, or run a playbook in Splunk Phantom (Legacy).

Prerequisites

Before using the Splunk Mobile app for Splunk Phantom (Legacy), perform the required administrative tasks. See About the Splunk Mobile App for Splunk Phantom (Legacy) in the Get Started with the Splunk Mobile App for Splunk Phantom (Legacy) manual.

The Splunk Mobile app for Splunk Phantom only works with iOS devices.

View a notification

View a notification by opening a push notification in the Splunk Mobile app. Or, you can open a notification in the Splunk Mobile UI.

  1. In your Splunk Phantom (Legacy) instance in the Splunk Mobile app, navigate to the Notifications tab. You can filter notifications by type by tapping All Types at the top of the list.
  2. Tap a notification to view its details.

Respond to a notification

You can also respond to notifications in the Splunk Mobile app.

  1. In your Splunk Phantom (Legacy) instance in the Splunk Mobile app, navigate to the Notifications tab.
  2. Select a notification.
  3. To respond to the notification, complete the fields that the notification requests.

View dashboards

To view your Splunk Phantom (Legacy) dashboards, navigate to the Dashboards tab in the Splunk Mobile app.

Depending on the visualization type, you can scroll through or tap the visualization to get more details.

View event details

You can view event details from Splunk Phantom (Legacy) on your mobile device using the Splunk Mobile app.

To view an event, perform these steps:

  1. In your Splunk Phantom (Legacy) instance in the Splunk Mobile app, navigate to the Events tab. You can filter events by owner and status at the top of the list.
  2. Tap an event to view its information.

To run a playbook against the event, tap the Playbook button. See Run a playbook for more information about running playbooks on your mobile device.

Tap the Activity tab to view event activities or add a comment. Tap the Artifacts tab to view event artifacts. Tap the Notes tab to view and filter event notes.

Run a playbook

You can run a playbook that you create in Splunk Phantom (Legacy) on your mobile device using the Splunk Mobile app.

Follow these steps to run a playbook in the Splunk Mobile app:

  1. Create playbooks in Splunk Phantom (Legacy). See Use playbooks to automate analyst workflows in Splunk Phantom (Legacy) in Build Playbooks with the Visual Editor.
  2. In your Splunk Phantom (Legacy) instance in the Splunk Mobile app, navigate to the Events tab. You can filter events by owner and status at the top of the list.
  3. Tap an event that you want to run a playbook in response to.
  4. Tap the Playbook button.
  5. Select the playbook you want to run.
  6. Select the scope of the playbook. The scope indicates which artifacts that the playbook processes. New includes only artifacts from when this playbook was last run. All includes all artifacts. Artifact processes a specific artifact defined by the artifact ID.
  7. Tap Run Playbook.

The Splunk Mobile app runs the playbook against the event you selected.

Last modified on 07 September, 2021
Create case reports to download and share in Splunk Phantom   Run Splunk Phantom (Legacy) playbooks in Splunk AR workspaces

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters