SOAR (Phantom) Installation in existing server wit...

Santhosh · ‎11-22-2021

Hi Everyone,

I spinned up a new machine(VM) in Azure and trying to install the phantom (SOAR) using RPM file.

So I have partitioned & mounted 700 GB to /Opt and 5 GB to /tmp directory.

While installing the package, I am getting below error. Unable to find the answers for this.

Can someone help on this?

Failed to run install for git

Error: Package: git-2.16.1-1.el7.x86_64 (phantom-base)
Requires: perl(SVN::Ra)
Error: Package: git-2.16.1-1.el7.x86_64 (phantom-base)
Requires: perl(SVN::Delta)
Error: Package: git-2.16.1-1.el7.x86_64 (phantom-base)
Requires: perl(SVN::Core)

Thanks,

Santhosh Govindhan

tgendron_splunk · ‎05-14-2022

See KB 65 at (https://my.phantom.us/kb/65/) There is a specific statement about additional modules “Note for AWS Users:
RPM's will look different. For AWS Red Hat images, the repo name for the packages in RedHat's rhel-7-server-optional-rpms will appear as: rhui-REGION-rhel-server-optional
These can be enabled in the /etc/yum.repos.d/redhat-rhui.repo file. “

Go into the repo file and set enable to 1 and retry the phantom install.

SOAR (Phantom) Installation in existing server with RPM

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation