Splunk® Phantom App for Splunk

Install and Upgrade the Splunk Phantom App for Splunk

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Phantom App for Splunk. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Enable Splunk platform users to use the Splunk Phantom App for Splunk

The Splunk Phantom App for Splunk introduces a new role with new capabilities. These capabilities must be enabled for the Splunk user setting up the Splunk Phantom App for Splunk.

Add the phantom role to users on Splunk Enterprise 8.x

Perform the following steps to add the phantom role to the Splunk user setting up the Splunk Phantom App for Splunk in Splunk Enterprise 8.x environments:

  1. Navigate to the Splunk platform instance where you installed the Splunk Phantom App for Splunk.
  2. In Splunk Web, select Settings > Roles.
  3. The phantom role includes Splunk Phantom read and write access and other permissions needed to run the Splunk Phantom App for Splunk. To set up Splunk Phantom capabilities, assign the phantom role to a user or a role. For example, if you want the admin role to have Splunk Phantom capabilities, do the following:
    1. Click Edit in the Actions column for the admin role.
    2. In the Inheritance tab, select the checkbox next to the phantom role. This will cause all users with the admin role to also inherit all privileges from the phantom role.
  4. Click Save.

Add the phantom role to users on Splunk Enterprise 7.3.x

Perform the following steps to add the phantom role to the Splunk user setting up the Splunk Phantom App for Splunk in Splunk Enterprise 7.3.x environments:

  1. Navigate to the Splunk platform instance where you installed the Splunk Phantom App for Splunk.
  2. In Splunk Web, select Settings > Access controls.
  3. Select Roles.
  4. The phantom role includes Splunk Phantom read and write access and other permissions needed to run the Splunk Phantom App for Splunk. To set up Splunk Phantom capabilites, assign the phantom role to a user or a role. For example, if you want the admin role to always have Splunk Phantom capabilities, do the following:
    1. Click admin to edit the role.
    2. Click the Inheritance tab.
    3. Select the checkbox next to the phantom role. This will cause all users with the admin role to also inherit all privileges from the phantom role.
  5. Click Save.

Add the phantom role to users on Splunk Cloud

Splunk Cloud users must file a support ticket in order to have Splunk update user roles on your behalf.

Make sure you request that the phantom role is inherited by the sc_admin role.

Last modified on 10 September, 2021
PREVIOUS
Configure the Splunk Phantom App for Splunk 		  NEXT
Provide a valid SSL certificate for the connection between Splunk Phantom and Splunk Enterprise

This documentation applies to the following versions of Splunk® Phantom App for Splunk: 4.0.10, 4.0.35

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters