This app relies on using Phantom with Splunk as external instance.

1- Start by deploying the Phantom Remote Search add-on: This add-on creates the indices and roles used by Phantom when configured to use an external Splunk instance for search data.

2- To enable the integration, go through the steps to configure "External Splunk" in Phantom. This can be done by following the steps highlighted in the Splunk Phantom Remote Search manual which can be found here:

3- Deploy the Splunk App for Phantom Reporting on search head(s) in your environment

4- Edit the phantomusers.csv file under /etc/apps/splunk_app_phantom/lookups and add new entries. Each entry should map the phantom userid to the phantom username. You can get the userids/username mapping from your Phantom instance under Administration -> User Management -> Users by clicking on each individual user to get the userid.

Troubleshooting

1- Drop-down input (such as username, label or container ID) in my dashboards is not showing all expected values

A lot of the drop-down lists in the Splunk App for Phantom Reporting are dynamically generated by searches.

Create a non-privileged user for running Splunk SOAR (On-premises).
Do you want to run this step? (Y/n): Answer Y.

Do you want to set a password for now? (Y/n): Answer Y if you created a non-privileged user for running Splunk SOAR (On-premises) in the previous step.

Set system resource limits for Splunk SOAR user, particularly file descriptor limits, which are low by default.
(Y/n): If prompted, you must answer Y to proceed.

Make sure you are logged in as the user meant to own the installation. Do not perform the installation command as the root user.

Run the soar-install installation script with the same arguments you included in the soar-prepare-system script.

Use the --splunk-soar-home argument to specify the directory where will be installed. That directory must exist and must be owned by the user account that will run. As an example, --splunk-soar-home /opt/soar installs to the directory /opt/soar.