IT & IoT Security | Cloud | It's all about the life itself

Nothing in life is as important as you think it is, while you are thinking about it.

Splunk Phantom, initial configuration

Once you have logged in to the web UI, you will be guided through the initial configuration, starting with data source selection (in my lab environment the data source is Splunk Enterprise). You can choose more than one data source, such as IBM QRadar, REST, etc.

Once you hit Save, you will be given an access token, which you will use when configuring the Phantom app for Splunk. Note it carefully; it will look similar to the one below.

{
	"ph-auth-token": "VuPRSSZ_Crop_for_security_resoon_9mx4POeKEsM=",
	"server": "https://s_name_1.northeurope.cloudapp.azure.com"
}
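Before pasting that token into the Splunk app, it is worth checking that the blob is well formed and that the token actually authenticates. The following is an added example, not from the original post: it parses the token blob, refuses a plain-http server (the token is a bearer secret), and calls Phantom's read-only /rest/version endpoint with the ph-auth-token header. The server URL and token value are constructed placeholders.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlparse

# Constructed sample in the shape Phantom shows after saving the data source.
# The token value and hostname are placeholders, not real credentials.
SAMPLE_TOKEN_JSON = """{
    "ph-auth-token": "PLACEHOLDER_TOKEN_VALUE=",
    "server": "https://phantom.example.invalid"
}"""


def load_phantom_token(text: str) -> dict:
    """Parse the token blob; raise ValueError if it is incomplete or unsafe to use."""
    data = json.loads(text)
    token = data.get("ph-auth-token", "")
    server = data.get("server", "")
    if not token or not server:
        raise ValueError("token blob must contain ph-auth-token and server")
    parsed = urlparse(server)
    # The token is a bearer-style secret: only ever send it over HTTPS.
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"server must be an https:// URL, got {server!r}")
    return {"server": server.rstrip("/"), "token": token}


def is_usable_token_blob(text: str) -> bool:
    """True if the blob passes load_phantom_token's checks."""
    try:
        load_phantom_token(text)
        return True
    except (ValueError, json.JSONDecodeError):
        return False


def auth_headers(token: str) -> dict:
    """The Phantom REST API authenticates with the ph-auth-token header."""
    return {"ph-auth-token": token, "Accept": "application/json"}


def version_url(server: str) -> str:
    """/rest/version is a read-only endpoint, suitable for a smoke test."""
    return f"{server}/rest/version"


def check_token(text: str, timeout: float = 10.0) -> str:
    """Smoke-test the token against the server; returns the Phantom version string.

    TLS verification stays on: add a lab box's self-signed CA to the trust store
    instead of disabling certificate checks.
    """
    cfg = load_phantom_token(text)
    req = urllib.request.Request(version_url(cfg["server"]), headers=auth_headers(cfg["token"]))
    with urllib.request.urlopen(req, timeout=timeout, context=ssl.create_default_context()) as resp:
        return json.load(resp)["version"]
```

A 401 from /rest/version means the token was mis-copied or revoked; a TLS error means the lab certificate is not trusted by the host running the check.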

At the next stage you will be asked to choose a demo playbook; I would prefer the investigate playbook.

Depending on which apps you select under the investigation apps, you might need additional access tokens and API keys for those apps.

Regards