I'm trying to integrate Splunk ES 5.1 running on Splunk Core 7.1.
I have the Phantom app configured, connected to the Phantom server (not sending events every second but working when I send it to Phantom on the preview). Events are in Phantom from Splunk ES, and there are no playbooks at this time. What I would like to do is to configure a Responsive Action to be set from the Incident that will interact with Phantom. When I go to the incident > Action > Run Adaptive Response Actions, I'm prompted to:
Select actions to run. + Add New Response Action
However there are no Response Actions available for Phantom (the Phantom app is installed and configured)
Questions: Should I see the Adaptive Response for Phantom in Splunk ES to be selected and ran from my Incident Actions?
If now, where would I get the Adaptive Response Action for Phantom? Is there any documentation on how to create this type of Adaptive Response? (Phantom specific)