Having worked with Splunk for over 7 years, I was excited to learn that Splunk was acquiring Phantom. I had seen Phantom in action previously, and I was impressed by the capability to easily build digitised playbooks which, at their heart, are powerful and flexible Python elements, but can be built quickly and easily using a graphical drag-and-drop interface. Another factor also happens to be that, like Splunk, Phantom offers a free version!

After attending a Phantom familiarisation session, I was keen to better understand how Splunk and Phantom integrate, which gave me the perfect excuse…err…reason to integrate Phantom into my Splunk instance at home.

First things first, we will need a copy of both Splunk and Phantom. This is straightforward, with Splunk offering a free version for download for various platforms (all you need to do is sign up for a free Splunk account), as well as a free Phantom Community Edition offering in the form of an OVA. Next we need to install and configure both as per the Splunk and Phantom installation documentation respectively. Once we have both in a state where we can access the Web GUI for both, we are ready to start integrating the products.

Both products have an app available that allows integration with each other. For Splunk there is the “Phantom App for Splunk” and for Phantom…you guessed it…the “Splunk” app for Phantom. The former allows you to carry out searches within Splunk and push the resultant events to Phantom for further actioning.