Phantom 3.5.x Adaptive Response Action in Splunk E...

claudiocruz · ‎05-25-2018

I'm trying to integrate Splunk ES 5.1 running on Splunk Core 7.1.

I have the Phantom app configured, connected to the Phantom server (not sending events every second but working when I send it to Phantom on the preview).
Events are in Phantom from Splunk ES, and there are no playbooks at this time.
What I would like to do is to configure a Responsive Action to be set from the Incident that will interact with Phantom. When I go to the incident > Action > Run Adaptive Response Actions, I'm prompted to:

Select actions to run.
+ Add New Response Action

However there are no Response Actions available for Phantom (the Phantom app is installed and configured)

Questions:
Should I see the Adaptive Response for Phantom in Splunk ES to be selected and ran from my Incident Actions?

If now, where would I get the Adaptive Response Action for Phantom?
Is there any documentation on how to create this type of Adaptive Response? (Phantom specific)

Any help, hints, guidance is highly appreciated.

Thanks,
CC

Fr4g3r · ‎11-20-2018

Hi,

Has anyone faced this issue and resolved?

Please help as I am also facing the same?

Regards
Shyam

jamesbanach · ‎06-06-2018

Try this documentation link, see if that helps.
https://my.phantom.us/kb/58/

Phantom 3.5.x Adaptive Response Action in Splunk ES 5.1

installation

troubleshooting

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!