Splunk SOAR (f.k.a. Phantom)

Unable to configure additional Phantom App repo

aocvy
Engager

We want to deliver app updates to Phantom automatically via git; we do not want to upload a new app each time one is updated.

0 Karma

phantom_mhike
SplunkTrust

If these are custom apps that you have written, I have tackled automated deployment in kind of a sketchy way, but it will work.

Log onto the Phantom server via SSH and clone your app repository to the file system wherever you want it stored.

Write a script that does the following:
• Pull the latest from the repo
• Pull the current app versions from the phantom API
• Check the current app version for each app in the repo
• If the repo version is different, run Phantom's compile script with -i to install it to the server

Cron that script to your desired frequency or create a playbook that you can run ad hoc that will run the script. I prefer cron because then you don't have to tangle with the permissions for the phantom-worker to run the script and execute all the required commands.

It's a little clunky but it gets you out of the business of creating and manually uploading custom app tgz files.

0 Karma
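
The script outlined in the answer above, sketched as an added example (not the poster's script and not Splunk code). The repo path, hostname, environment variable names and the `phenv compile_app -i` invocation are assumptions to adjust for your install; it also assumes each app directory carries a metadata JSON with `appid` and `app_version`, and that the `/rest/app` listing returns the same fields.

```python
#!/usr/bin/env python3
"""Cron-driven sync of custom Phantom apps from a local git clone (added example)."""
import json, os, subprocess, sys, urllib.request
from pathlib import Path

# Assumptions, not from the original post: paths, hostname, env var names, compile command.
REPO_DIR = Path(os.environ.get("APP_REPO", "/opt/custom_apps"))
BASE_URL = os.environ.get("PHANTOM_URL", "https://phantom.example.internal")
COMPILE_CMD = ["phenv", "compile_app", "-i"]  # assumed invocation; adjust to your version

def repo_versions(repo_dir):
    """Map appid -> (app_version, app directory) from each app's metadata JSON."""
    found = {}
    for meta in sorted(Path(repo_dir).glob("*/*.json")):
        try:
            doc = json.loads(meta.read_text())
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON
        if isinstance(doc, dict) and "appid" in doc and "app_version" in doc:
            found[doc["appid"]] = (str(doc["app_version"]), meta.parent)
    return found

def installed_versions(base_url, token):
    """Map appid -> installed app_version using the REST app listing."""
    req = urllib.request.Request(f"{base_url}/rest/app?page_size=0",
                                 headers={"ph-auth-token": token})
    with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verification stays on
        data = json.load(resp)["data"]
    return {a["appid"]: str(a["app_version"]) for a in data}

def plan(repo, installed):
    """App directories whose repo version differs from, or is missing on, the server."""
    return [path for appid, (ver, path) in sorted(repo.items())
            if installed.get(appid) != ver]

def main():
    token = os.environ["PHANTOM_TOKEN"]  # read from the environment, not hard-coded
    # Fast-forward only: stop if the clone has diverged or history was rewritten.
    subprocess.run(["git", "-C", str(REPO_DIR), "pull", "--ff-only"], check=True)
    failed = 0
    for app_dir in plan(repo_versions(REPO_DIR), installed_versions(BASE_URL, token)):
        print(f"installing {app_dir.name}")
        failed += subprocess.run(COMPILE_CMD, cwd=app_dir).returncode != 0
    return 1 if failed else 0  # non-zero exit lets cron mail or alert on failure

if __name__ == "__main__":
    sys.exit(main())
```

Run it from cron under an account whose API token is scoped to what the script needs, and restrict who can push to the branch the server pulls, since anything merged there is installed on the next run.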

aocvy
Engager

Have you had any success with the approach of changing the git repo link from Phantom to one of your own?

I'm also looking at a way to change the git sync to a git hook, so it'll trigger on git pushes to master.

0 Karma

phantom_mhike
SplunkTrust

No. I have never been in a situation where I wanted to drop the default app library.

0 Karma