-
Notifications
You must be signed in to change notification settings - Fork 334
Bring Your Own Phantom
This is a new feature that allows you to use a separate long-lived instance of Splunk Phantom with an ephemeral Attack Range. Instead of being prompted for my.phantom.us community credentials, you'll be prompted for the connection details to your Phantom server. This is for the automatic configuration of the Phantom App for Splunk.
If your Phantom server is not accessible from your attack range, this configuration will fail silently and you will need to manually configure the Phantom App for Splunk yourself, or use an alternate method to get your events into Phantom.
In order to ensure success of automatic configuration you will need to allow network connectivity from the Attack Range's Splunk server, in addition to ensuring the Splunk server is an allowed IP for the automation user you're using..