Welcome to Splunk Phantom App for Splunk version 3.0.5!
This release of the Splunk Phantom App for Splunk has the following new features and enhancements.
Feature | Description |
---|---|
Automatic field mappings | Save setup time by pre-defining the fields you want to appear in Splunk Phantom using the new Configure Global Field Mappings tab. These mappings are applied to new saved search and data model forwarding configurations during configuration, or automatically to Splunk Enterprise Security (ES) notables. |
Event forwarding workflow improvements | The saved search and data model forwarding workflow is redesigned to simplify and streamline the experience of configuring forwarding to Splunk Phantom.
|
Product name change
The Splunk Phantom App For Splunk is renamed to Phantom Add-On to more accurately reflect the function of the add-on as a data forwarder and align it with Splunk naming conventions. In releases earlier than 3.0.5, the name of the add-on as it appears in the list of apps in Splunk Web is Phantom. In release 3.0.5 and later, this name appears as Phantom Add-On.
The name of this add-on is not changed on Splunkbase, nor is it changed in the product documentation in order to maintain alignment with the product name on Splunkbase. The following table summarizes how the Splunk Phantom App For Splunk is named:
Where you see the product name | Product name |
---|---|
Splunkbase | Splunk Phantom App for Splunk |
Documentation | Splunk Phantom App For Splunk, except for instances where the Splunk Phantom App for Splunk is referred to generically as an add-on. |
List of apps in the Splunk platform | Phantom Add-On |
NEXT Fixed Issues for the Phantom App for Splunk |
This documentation applies to the following versions of Splunk® Phantom App for Splunk: 3.0.5
Feedback submitted, thanks!