Splunk® Phantom App for Splunk

Use the Splunk Phantom App for Splunk to Forward Events

Splunk Phantom App for Splunk has been replaced by Splunk App for SOAR Export.

Steps to connect the Splunk platform with Splunk Phantom or Splunk SOAR

Before you can use the Splunk Phantom App for Splunk, you must establish a connection between the Splunk platform and Splunk Phantom or Splunk SOAR. Perform the following tasks to make the connection:

  1. If you don't have Splunk Enterprise Security (ES), download and install the Splunk Common Information Model (CIM) app from Splunkbase.
  2. Enable Splunk platform users to use the Splunk Phantom App for Splunk.
  3. Provide a valid SSL certificate for the connection between Splunk Phantom and Splunk Enterprise.
  4. Connect the Splunk Phantom App for Splunk and the Splunk Platform to a Splunk Phantom server or Splunk SOAR.
  5. (Optional) If you have Splunk Enterprise Security, Run adaptive response actions in Splunk ES to send notable events to Splunk Phantom or Splunk SOAR.
Last modified on 13 September, 2021
Upgrade the Splunk Phantom App for Splunk on Splunk Cloud Platform   Enable Splunk platform users to use the Splunk Phantom App for Splunk

This documentation applies to the following versions of Splunk® Phantom App for Splunk: 4.1.73


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters