Welcome to the Splunk Phantom App for Splunk version 4.0.10!

This release of the Splunk Phantom App for Splunk has the following new features and enhancements.

Feature Description

Python 2 and 3 compatibility This release of the Splunk Phantom App for Splunk is updated to provide full support for Python 3. See Python 3 migration with the Splunk platform in the Python 3 Migration manual.

Multivalue option for adaptive response artifacts

When adaptive response notables are received by Splunk Phantom as artifacts, a new configuration option allows you to choose one of the following options when the notable contains multivalue fields:

Send the notable as a single artifact using a comma-separated list for the multivalue field. For example, if a notable contains three users in the username field, only one artifact is created in Splunk Phantom, and the artifact contains all three users.
Send one separate artifact per unique field value. For example, if a notable contains three users in the username field, three separate artifacts are created in Splunk Phantom, one artifact per user.

See Configure how you want to handle multivalue fields in Splunk ES notable events.

Use adaptive response relay to forward events to Splunk Phantom

Set up multiple Splunk platform instances to use adaptive response relay and maintain control over when adaptive response notables are sent to Splunk Phantom.

See Use adaptive response relay to send notable events from Splunk ES to Splunk Phantom.

Related answers from Splunk Community

Welcome to the Splunk Phantom App for Splunk version 4.0.10!

Comments

Was this topic useful?