Downloading Phantom App for Splunk
SHA256 checksum (phantom-app-for-splunk_2622.tgz) 4d4c37435fa534a409c1e3b736944533d3ba9bfed1d07b2ab79164a812f81034
SHA256 checksum (phantom-app-for-splunk_2523.tgz) b2780596179d478bb96a498744ce82a28539b93f686d5e86c2c2815d2f5404e3
SHA256 checksum (phantom-app-for-splunk_252.tgz) 76aaa105685623c1120444b592f1df4e21762eaa80a66821057c94c80745dd24
SHA256 checksum (phantom-app-for-splunk_2418.tgz) 63166de311e5c1d2886827e095c43e44563c5f3f779eaa0d061aaa0132709662
SHA256 checksum (phantom-app-for-splunk_2417.tgz) 859a0761350e6426e4d7f286e7d52f431c67f243a06cd40254e0eb0f09f5672f
SHA256 checksum (phantom-app-for-splunk_2416.tgz) 581c9bbb618e41789f4c7b00e3ca27a8681c240662b88fc0977e5de4b7e4ccfc
SHA256 checksum (phantom-app-for-splunk_2415.tgz) edc45346fa387af87a93cee882975dcd27a9c6566bde074e98756904ebab014d
SHA256 checksum (phantom-app-for-splunk_2312.tgz) 75bfde5a001def37d711b747b92d138110cd3f41c1450ca4d785d4444a826c48
SHA256 checksum (phantom-app-for-splunk_2217.tgz) fceef2eb5a8864dc7bdd65ef810719bb4328b6c1b9f7b0075b9a2e4b3205abc4
To install your download
For instructions specific to your download, click the Details tab after closing this window.
To install apps and add-ons from within Splunk Enterprise
  1. Log into Splunk Enterprise.
  2. On the Apps menu, click Manage Apps.
  3. Click Install app from file.
  4. In the Upload app window, click Choose File.
  5. Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  6. Click Upload.
  7. Click Restart Splunk, and then confirm that you want to restart.
To install apps and add-ons directly into Splunk Enterprise
  1. Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  2. Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  3. Restart Splunk.
After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.
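For the direct install into $SPLUNK_HOME/etc/apps, the archive can be checked against the SHA256 checksum listed for it on this page before anything is unpacked. The script below is an added example, not part of the app or of Splunk's instructions; the function names (sha256_of, members_safe, verify_and_extract) are hypothetical, and it assumes a POSIX shell with tar and either sha256sum or shasum available.

```shell
#!/bin/sh
# Added example: verify a downloaded app archive, then unpack it.
# All function names are illustrative, not Splunk tooling.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# members_safe: read archive member names on stdin; fail on any
# absolute path or ".." component, which could write outside the apps dir.
members_safe() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*)
                echo "unsafe archive member: $name" >&2
                return 1 ;;
        esac
    done
    return 0
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 APPS_DIR
# Returns 1 on checksum mismatch, 3 on an unsafe member name.
verify_and_extract() {
    archive=$1; expected=$2; apps_dir=$3
    actual=$(sha256_of "$archive") || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    # List the members first so nothing is written before the check passes.
    tar -tzf "$archive" | members_safe || return 3
    tar -xzf "$archive" -C "$apps_dir"
}
```

Call it as verify_and_extract followed by the downloaded file, the checksum published for that file, and "$SPLUNK_HOME/etc/apps", then restart Splunk as in step 3.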


Phantom App for Splunk

Splunk Built
Overview
Phantom can use Splunk® (as well as over 220 other products) as a source of events and artifacts. Phantom refers to this kind of Asset as an "Ingestion Asset".
Phantom is a security automation and orchestration platform that integrates with your existing security technologies in order to provide a layer of “connective tissue” between them.
Phantom streamlines security operations through the execution of digital “Playbooks” to achieve in seconds what may normally take minutes or hours to accomplish with the dozens of point products that you use every day.
Phantom doesn’t replace existing security products, but instead makes your investment in them smarter, faster and stronger.
Phantom accomplishes this through a logical architecture that abstracts product capabilities, through the Phantom App model, into simple Actions that can be automated from within Playbooks. This allows Phantom to act as an "operating system" for your security products.

Release Notes

Version 2.6.22
Jan. 25, 2019

Be sure to read the README and follow instructions for upgrading from version 2.5.23 to 2.6.22.

Version 2.6.22 Release notes:
- Added dropdown for selecting servers and playbooks in Run Playbook in Phantom ES Adaptive Response action
- Added ability to optionally specify Phantom label for ES Adaptive Response actions
- Improved logging functionality and ES Adaptive Response results
- Improved Server Configuration UI for adding and updating configurations. Added 'default' server, test connectivity, and sync playbooks features
- Forwarding configuration destinations now update when corresponding server configurations are changed
- Added Phantom authorization token obfuscation
- Added Phantom logo to Splunk Apps dropdown menu
- Added alert actions support for custom CEF fields to be displayed in Phantom containers
- Added requests library to app
- Bug fix for artifacts receiving incorrect forwarding configuration export labels
- Bug fix for parsing issues on Splunk for Windows

Version 2.5.23
Aug. 18, 2018

This app imports Splunk_SA_CIM and SA_Utils libraries, version 4.8.0.
Third party libraries included in this app:
- jQuery-datatables https://datatables.net/
- Select2 https://select2.org/

Version 2.5.23 Release notes
- Added Federal Information Processing Standard (FIPS) support
- Added support for automatically extracting Fields on the saved search export (no wildcard support)
- Added support for auto-populating CEF fields when a custom CIM field is added
- Changed timing model to use index time instead of _time for newly created data model export
- Bug fixes on Internet Explorer, preview window settings, Adaptive Response Action window
- See README.txt for further details on IE 11, FIPS and custom latency usage

Version 2.5.2
June 13, 2018

This app imports Splunk_SA_CIM and SA_Utils libraries, version 4.8.0.

Third party libraries included in this app:
- jQuery-datatables https://datatables.net/
- Select2 https://select2.org/

===========================
Version 2.5.2 Release notes
===========================
- Support for Splunk 7.1
- Updated copyright information
- Performance improvement on Export configuration with a large number of field mappings
- Bug fix on search field resetting when saved search or data model export is changed
- Bug fix on Export configuration losing updates when the mouse is clicked on outside the configuration window
- Bug fix on selection of invalid value for Scheduled time units
- Bug fix on destinationTranslatedAddress and bytesIn field mappings
- Bug fix on container label when upgrading from 2.2.x version

Version 2.4.18
May 23, 2018

All user documentation can be found in the Phantom platform in Documentation, Administration Manual, Data Sources, Splunk.
You may also visit https://my.phantom.us/docs/admin/splunk with your Phantom account.
Contact support@phantom.us for any support or installation issues. The only system requirement is a functional installation of the Phantom platform.

This app imports Splunk_SA_CIM and SA_Utils libraries, version 4.8.0.

Third party libraries included in this app:
- jQuery-datatables https://datatables.net/
- Select2 https://select2.org/

==================
Installation Notes
==================

===========================
Version 2.4.18 Release notes
===========================
- Bug fix on time string error when sending Data Model export on Windows server
- Bug fix on export name containing white space on Windows server

Version 2.4.17
May 21, 2018

===========================
Version 2.4.17 Release notes
===========================
- Bug fix on time string error when sending Data Model export on Windows server
- Bug fix on export name containing white space on Windows server

Version 2.4.16
May 16, 2018

Important notes for the previous versions are included in the README.txt in the package.

===========================
Version 2.4.16 Release notes
===========================
- Bug fix on time string error when sending Data Model export on Windows server
- Bug fix on export name containing white space on Windows server

Version 2.4.15
May 16, 2018

Version 2.3.12
Dec. 11, 2017

Important notes for this version are included in the README.txt in the package.

Highlights of this release:
* Remove SSL Verification checkbox, add the ability to enable/disable SSL Verification via REST (see README.txt in the package). Note this is prohibited on Splunk Cloud.
* Make dropdown fields in the configuration easier to use by sorting and filtering.
* Add "save" next to "save and preview"
* Include URL to Splunk Results - "_originating_search" now appears in the artifact CEF for adaptive response actions.
* Add clone button for event forwarding configuration
* Added free-form entry of destination labels
* Added the ability to execute a playbook from Alert Actions
* Resolve a JavaScript security issue noted by Splunk security review.
* Resolve error messages in logs, improved error handling

Version 2.2.17
Sept. 20, 2017

- Update for Splunk Cloud certification
- SSL verification is now always enabled; customers cannot choose to disable it
- No other functional changes since 2.2.9

885 installs, 3,790 downloads