Solved: How to select the "create server" button for splun...

TamishaJ · ‎07-25-2022

Have anyone ran across the following issue before?

I am trying to implement the Splunk SOAR app but we are not able to select the “create server” button. We have referred to the online documentation but we do not see the option to replace each instance of phantom with splunk_app_soar.

phanTom · ‎07-26-2022

@TamishaJ this sounds like a permissions issue.

Are you on Splunk Cloud? If so then I believe a few people have had issues seeing the correct permissions group on Splunk Cloud and required support involvement.

If on-prem, make sure the account has the relevant phantom role(s) in Splunk and you should be able to access the Create Server capability.

Happy SOARing!

View solution in original post

phanTom · ‎07-26-2022

@TamishaJ this sounds like a permissions issue.

Are you on Splunk Cloud? If so then I believe a few people have had issues seeing the correct permissions group on Splunk Cloud and required support involvement.

If on-prem, make sure the account has the relevant phantom role(s) in Splunk and you should be able to access the Create Server capability.

Happy SOARing!

How to select the "create server" button for splunk_app_soar configuration?

administration

configuration

installation

troubleshooting

upgrade

using SOAR ⁄ Phantom

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration