![]() ![]() The Splunk Phantom App for Splunk requires the admin user to run the phantom_retry.py script every 60 seconds to try to send any events that could not be sent earlier. In situations where events can't be sent from Splunk Cloud Platform to Splunk Phantom or Splunk SOAR using alert actions, adaptive response actions, or event forwarding, the events are stored in the phantom_retry KV Store collection. The Splunk Phantom App for Splunk requires that a user with administrative privileges installs both the Splunk Phantom App for Splunk and Splunk software.After you have the correct privileges, open access from Splunk Cloud Platform to port 8089 using the Admin Config Service (ACS) API. Work with your support team to make sure your Splunk Cloud Platform environment is ready to install the Splunk Phantom App for Splunk:īefore you begin the installation process, submit a support request to the Splunk Cloud Platform team to make sure the administrative user has the correct privileges. Work with your support team to meet Splunk Cloud Platform requirements Verify that your environment is ready to use the Splunk Phantom App for Splunk to integrate Splunk Phantom or Splunk SOAR with your Splunk deployment. What you need to install the Splunk Phantom App for Splunk on Splunk Cloud Platform ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |