Splunk SOAR

Ask a Question

Discussions

Thread Info

Forwarding Splunk events to Phantom automatically

Hi , I have integrated splunk with Phantom and can send the events to phantom by clicking on send to Phantom butto...

by Explorer in

How can I determine my Phantom Version?

How do I find which version of Phantom I'm running from the console/ssh? (Captured question from Phantom Community...

by Splunk Employee in

Phantom: How to retrieve audit logs from Phantom and ingest into Enterprise Security on Splunk?

I want the below audit information from Phantom server ingested into Splunk ES and how to retrieve it?1) Login Succes...

by Splunk Employee in

How to unzip and parse an email attachment in Phantom

Phantom is monitoring an email box for me, and every email will have exactly one attachment: a zipped .msg file. I ne...

by Path Finder in

I was wondering if any of you had a cheat sheet to make playbooks to help automate my job for beginners.

So pretty much, -Grabs the list of all vulnerabilities from big fix and/or tenable -get subnets of the modes we wi...

by New Member in

Phantom: How to generate a report on cases that are created ?

Team, I am looking for a way to generate a summary report on cases that we have in Phantom ? Which will include ca...

by Engager in

Events not received in Phantom

I have created an alert in Splunk that fires off once a particular type of event is detected and also configured an a...

by Motivator in

Phantom environment is not stable occasionally !

1) We have installed Phantom on Linux server and while executing playbooks in automation mode ,Our platform is gettin...

by Explorer in

Questions about Phantom License: Counting User Seat (User Base)

Hi Team, Could you please help me with the questions about Counting User Seat.Also, If there is, It is happy to tell ...

by Splunk Employee in

configure Phantom app in Splunk through RestApi

Hi, Trying to post the token and servername from the Phantomserver, into the Phantom app on the Splunk-server. ...

by Path Finder in

I wonder about the configuration of phantom.

Hello. I wonder about the configuration of phantom. Question 1.Most of company in Korea need to separated netwo...

by New Member in

installation using rpm - authorization

We have been working on getting an installation of phantom running in a centos:7 docker container using rpm, but are ...

by Explorer in

Phantom Playbook calling playbook block synchronous

I have a top level playbook that calls two playbooks, on that does some analysis and the second one that promotes the...

by New Member in

Embed rich view in phantom custom app

We have a python script that basically does "ip address -> ... python-generated splunk calls + viz api calls -> url o...

by Explorer in

Create table of paramaterized links in Phantom

When looking at the result of a Phantom automation, say on IP1 & IP2 + User1 & User2, we'd like to also have a table ...

by Explorer in

Are there any locking or concurrency guarantees when playbooks are operating on a container?

Question: Are there any locking or concurrency guarantees when playbooks are operating on a container? Issue I am ...

by New Member in

Issue to Map fields between QRadar and Phantom

Hello, I'm using the QRadar integration on Phantom, and we can define the mapping between Phantom and QRadar.I got...

by New Member in

Example of how to investigate and remediate phishing emails with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to investigate and remediate phishing emails?

by Splunk Employee in

Example of how to hunt for threats with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to hunt for threats?

by Splunk Employee in

Example of how to protect an EC2 group from malicious traffic with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to protect an EC2 group from malicious traffic?

by Splunk Employee in

Example of how to determine if an IP address is malicious with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to determine if an IP address is malicious?

by Splunk Employee in

Example of how to automatically contain malicious insiders with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to automatically contain malicious insiders?

by Splunk Employee in

Example of how to investigate and remediate malware infections with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to investigate and remediate malware infections?

by Splunk Employee in

Example of how to prompt an analyst to block an endpoint with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to prompt an analyst to block an endpoint?

by Splunk Employee in

Example of how to investigate and contain ransomware with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to investigate and contain ransomware?

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk SOAR

Discussions

Forwarding Splunk events to Phantom automatically

How can I determine my Phantom Version?

Phantom: How to retrieve audit logs from Phantom and ingest into Enterprise Security on Splunk?

How to unzip and parse an email attachment in Phantom

I was wondering if any of you had a cheat sheet to make playbooks to help automate my job for beginners.

Phantom: How to generate a report on cases that are created ?

Events not received in Phantom

Phantom environment is not stable occasionally !

Questions about Phantom License: Counting User Seat (User Base)

configure Phantom app in Splunk through RestApi

I wonder about the configuration of phantom.

installation using rpm - authorization

Phantom Playbook calling playbook block synchronous

Embed rich view in phantom custom app

Create table of paramaterized links in Phantom

Are there any locking or concurrency guarantees when playbooks are operating on a container?

Issue to Map fields between QRadar and Phantom

Example of how to investigate and remediate phishing emails with Splunk Phantom?

Example of how to hunt for threats with Splunk Phantom?

Example of how to protect an EC2 group from malicious traffic with Splunk Phantom?

Example of how to determine if an IP address is malicious with Splunk Phantom?

Example of how to automatically contain malicious insiders with Splunk Phantom?

Example of how to investigate and remediate malware infections with Splunk Phantom?

Example of how to prompt an analyst to block an endpoint with Splunk Phantom?

Example of how to investigate and contain ransomware with Splunk Phantom?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Benefit of using Custom Functions vs Creating a Ap...

Assigning Alerts/Cases Across Teams with Restricte...

SOAR Automation

splunk soar run query action in splunk APP

Help with Display Extracted List Items Vertically ...

Splunk SOAR

Are you a member of the Splunk Community?

Discussions