Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to separate saved search exports in Phantom app for different Splunk users?

noysherer
Explorer
‎11-04-2018 01:18 AM

I work in an environment where there are different projects for different developers. I want each project to receive events from Splunk (enterprise) alerts to Phantom, and for the developers to create their own saved search exports, however, don't want them to see each other's export details.

So basically my problem is that if I give their Splunk users permissions to the Phantom app then they can see all of the exports, and I can't be the one that creates all of their exports because each project has dozens.

Is there maybe a more efficient way to send events from Splunk enterprise to Phantom without using the exports?

Thank you for your help.

Labels (3)
Reply

sbrant_splunk
Splunk Employee
Splunk Employee
‎05-28-2019 10:35 AM

If you're not using Splunk Enterprise Security, then there is no Notable ID to send to Phantom. In this case, if you're just using Splunk Enterprise (core), you can use an Adaptive Response action that is provided with the Phantom app for Splunk (https://splunkbase.splunk.com/app/3411/) to forward your alerts. You can choose either "Send to Phantom" or "Run Playbook in Phantom". The documentation is at https://my.phantom.us/4.2/docs/admin/splunk

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...