Splunk® Phantom Add-on for Splunk

Install and Upgrade the Splunk Phantom Add-on for Splunk


Enable Splunk platform users to use the Splunk Phantom Add-on for Splunk

The Phantom Add-on for Splunk introduces a new role with new capabilities. These capabilities must be enabled for the Splunk user setting up the Phantom Add-on for Splunk. To add these capabilities to a user, follow these steps:

On version 8.0.x of the Splunk platform:

  1. Navigate to the Splunk platform instance where you installed the Phantom Add-on for Splunk.
  2. In Splunk Web, select Settings > Roles.
  3. The phantom role includes Splunk Phantom read and write access and other permissions needed to run the Phantom Add-on for Splunk. To set up Splunk Phantom capabilities, assign the phantom role to a user or a role. For example, if you want the admin role to have Splunk Phantom capabilities, do the following:
    1. Click Edit in the Actions column for the admin role.
    2. In the Inheritance tab, select the checkbox next to the phantom role. This will cause all users with the admin role to also inherit all privileges from the phantom role.
  4. Click Save.

On version 7.3.x of the Splunk platform:

  1. Navigate to the Splunk platform instance where you installed the Phantom Add-on for Splunk.
  2. In Splunk Web, select Settings > Access controls.
  3. Select Roles.
  4. The phantom role includes Splunk Phantom read and write access and other permissions needed to run the Phantom Add-on for Splunk. To set up Splunk Phantom capabilities, assign the phantom role to a user or a role. For example, if you want the admin role to always have Splunk Phantom capabilities, do the following:
    1. Click admin to edit the role.
    2. Click the Inheritance tab.
    3. Select the checkbox next to the phantom role. This will cause all users with the admin role to also inherit all privileges from the phantom role.
  5. Click Save.
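
Because inheritance gives every user of the inheriting role the phantom role's privileges, it is worth checking which roles end up with them. The following is an added example, not part of the Splunk documentation: it parses authorize.conf-style text and lists every role that imports the phantom role directly or through a chain of other roles. The sample stanzas, including the soc_lead and auditor roles, are constructed, and the input is assumed to be the merged authorize.conf content of your instance.

```python
import configparser

# Constructed sample of authorize.conf role stanzas (not from a real deployment).
SAMPLE_AUTHORIZE_CONF = """
[role_phantom]
importRoles = user

[role_user]

[role_power]
importRoles = user

[role_admin]
importRoles = power;user;phantom

[role_soc_lead]
importRoles = admin

[role_auditor]
importRoles = user
"""

def parse_import_roles(conf_text):
    """Return {role: set of directly imported roles} from authorize.conf text."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep the case of the importRoles key
    parser.read_string(conf_text)
    roles = {}
    for section in parser.sections():
        if not section.startswith("role_"):
            continue
        raw = parser.get(section, "importRoles", fallback="")
        roles[section[len("role_"):]] = {r.strip() for r in raw.split(";") if r.strip()}
    return roles

def roles_inheriting(target, roles):
    """Return every role that inherits `target` directly or through a chain."""
    found = set()
    changed = True
    while changed:  # fixed-point iteration; terminates even with import cycles
        changed = False
        for role, imports in roles.items():
            if role not in found and role != target and (target in imports or imports & found):
                found.add(role)
                changed = True
    return found

if __name__ == "__main__":
    for role in sorted(roles_inheriting("phantom", parse_import_roles(SAMPLE_AUTHORIZE_CONF))):
        print(role)
```

In the constructed sample, soc_lead is reported alongside admin because it imports admin, which shows how selecting the phantom checkbox on a widely inherited role extends Phantom read and write access further than the one role you edited.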
Last modified on 29 September, 2020

This documentation applies to the following versions of Splunk® Phantom Add-on for Splunk: 4.0.10

