Splunk SOAR (f.k.a. Phantom)

Cofense Triage Add-On account credentials

Path Finder

In the cofense addon https://splunkbase.splunk.com/app/5253/

this confused me for a while on what the credentials where

tried adding   the username and passwords in the credentials, by which I thought it means the username and password you use to access the gui

In the cofense v2API  we can create
Client ID:
Client Secret:

but that doesnt seem to work with app (think its V1)

Found eventually under Account mangement that a User can create an API V1 key

so use the logui gin as the username and the API as the password

It now seems obvious , put posting for thick people like me , who might find this useful

Labels (1)
Tags (2)

Path Finder

You might modify the title with [Solution] or add the answer and select your own answer as the solution.  Just so that anyone else having the issue knows that this is an answer and not just someone else asking for help with the same problem.

0 Karma
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...