Hi,
We are integrating phantom with splunk using below doc
As per the doc we create two users - phantomsearchuser and phantomdeleteuser
May I know why these users are created?? what they will do?
Also, as per this --> https://splunkbase.splunk.com/app/4399/#/details
(A userid is created at phantom end and it is added to below lookup in splunk) --> I have created it as phantom_test at the phantom end. May I know why this user is required?
4- Edit phantomusers.csv file under <Splunk>/etc/apps/splunk_app_phantom/lookups and add new entries. Each entry should map the phantom userid to the phantom username. You can get the userids/username mapping from your Phantom instance under Administration -> User Management -> Users and click on each individual user to get the userid.
Totally I have 3 users (2 users created in splunk and 1 user created in phantom)