

Splunk Phantom default credentials, script options, and sample configuration files

This section has the default Splunk Phantom credentials, script options, and example configuration files.

Default credentials

The default credentials on a new installation of Splunk Phantom are:

SSH accounts for virtual machine image (.OVA) and unprivileged installations:

The default credentials of a new AMI installation of Splunk Phantom are:

You must use the SSH key created when deploying the AMI version of Splunk Phantom.

You should change the default passwords immediately after you install Splunk Phantom.

Installation scripts and their options

This section lists the various installation scripts and their command line options.

phantom_tar_install.sh options

Use these arguments to control the phantom_tar_install.sh script:
- Only use this to install Splunk Phantom as an unprivileged user.
- Set the custom HTTPS port for Splunk Phantom.
- Do not install any of the apps that ship with Splunk Phantom. Apps can be installed later using the GUI.
- Run the script without a confirmation prompt.
- Do not check for available space in /tmp before attempting to install.

Below is an example command that installs Splunk Phantom without installing any of the apps that ship with it:

    phantom_tar_install.sh install --without-apps

phantom_setup.sh options

Use these arguments to control the phantom_setup.sh script:
- Display a list and description of arguments.
- Specify which version of Splunk Phantom to install.
- Install PostgreSQL from Red Hat Software Collections.
- Install a minimal Git package without the Perl Git module.
- Run the watchdog daemon with reduced privileges.

make_server_node.pyc options

Convert an OVA install of Splunk Phantom into a server node for a cluster. A server node provides one or more of the services a cluster requires, such as proxy, database, file share, or search endpoint. Use these options to control the make_server_node.pyc command:
- Do not display the warning prompt.
- Install HAProxy, PostgreSQL, GlusterFS, and Splunk on this node. This option creates a best-effort version of mcn_responses.json to be used with make_cluster_node.pyc.
- Install HAProxy to act as a load balancer for the Splunk Phantom cluster.
- Create the Splunk Phantom PostgreSQL database on this node to act as an external database.
- Create and configure a single-node GlusterFS file share on this node for Splunk Phantom. The directory tree starts with /opt/phantom/shared.
- Install Splunk Enterprise to act as the remote search endpoint for the cluster.

make_cluster_node.pyc options

Convert an OVA install of Splunk Phantom into a cluster node for a cluster. A cluster node is a single instance of Splunk Phantom supported by one or more server nodes.
- Send prepared responses from mcn_responses.json or responses.json to the script.
- Create a responses.json file to use when running this script on another node. This version of the file does contain passwords.
- Create a responses.json file to use when running this script on another node. This version of the file does not contain passwords.
- Set the location to record the responses.json file. The default is /opt/phantom/bin/response.json.
- Delete the responses file from the machine when the script completes.
- Show the program version number and exit.

Some versions of the responses.json file contain passwords, and the mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.

Sample configuration files

This section contains example configuration files. Use these as a guide when configuring items for use in your Splunk Phantom deployment.

HAProxy:

    bind *:443 ssl crt /etc/haproxy/certificates no-sslv3 no-tlsv10 ciphers
    # for unprivileged installs, add another declaration
    # bind *: ssl crt /etc/haproxy/certificates no-sslv3
    option httpchk GET /check HTTP/1.
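The note on responses files says that mcn_responses.json, and some variants of responses.json, hold usernames and passwords in plain text and should be stored securely or deleted. The shell functions below are an added example, not part of Splunk Phantom or of the make_cluster_node.pyc and make_server_node.pyc scripts, of how an operator can keep that file private while it exists and remove it once the node is configured. The JSON content is a constructed stand-in (the real schema is not shown on this page), the path is whatever you pass to the script (the page's default is /opt/phantom/bin/response.json), and the cluster script invocation itself is omitted because its option names are not shown here.

```shell
#!/bin/sh
# Added example (not Splunk Phantom's own code) for handling the plaintext
# responses file consumed by make_cluster_node.pyc / make_server_node.pyc.
# The JSON below is a constructed sample; the real file's schema is assumed.
set -u

# Write a stand-in responses file into a fresh private directory. The subshell
# umask makes the file unreadable to other accounts from the moment it exists,
# instead of creating it world-readable and fixing the mode afterwards.
make_sample_responses() {
    dir=$(mktemp -d) || return 1
    (
        umask 077
        printf '%s\n' '{"admin_user": "admin", "admin_password": "changeme"}' \
            > "$dir/mcn_responses.json"
    ) || return 1
    printf '%s\n' "$dir/mcn_responses.json"
}

# Succeed only if the path is a regular file, owned by the invoking user, with
# mode exactly 0600. Anything else means another local account could read the
# credentials it holds. Numeric uid is used so this works in containers whose
# uid has no passwd entry.
responses_file_is_private() {
    f=$1
    [ -f "$f" ] || return 1
    [ -n "$(find "$f" -user "$(id -u)" -perm 600 -print 2>/dev/null)" ]
}

# Overwrite the file contents in place, then unlink it. The overwrite is best
# effort (journaling and copy-on-write file systems may keep old blocks); the
# unlink is the part the documentation asks for once the cluster is configured.
scrub_responses_file() {
    f=$1
    [ -f "$f" ] || return 0
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -gt 0 ]; then
        dd if=/dev/zero of="$f" bs=1 count="$size" conv=notrunc 2>/dev/null
    fi
    rm -f "$f"
}

# The sequence around a cluster-script run: refuse to proceed with a readable
# file, run the script (left out here; its options are not on this page), and
# remove the file regardless of how the script finished.
handle_responses_file() {
    f=$1
    if ! responses_file_is_private "$f"; then
        echo "refusing to use $f: not a 0600 file owned by $(id -u)" >&2
        return 1
    fi
    # ... run make_cluster_node.pyc / make_server_node.pyc against "$f" here ...
    scrub_responses_file "$f"
}
```

Run it as the same account that will run the cluster script, so the ownership check is meaningful; a file that a different admin created will fail the check even if its mode is 0600.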

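The HAProxy fragment above shows only the bind line and the health check. The configuration below is an added example, not the Splunk Phantom project's own file, that extends that fragment into a complete frontend and backend. The PEM path /etc/haproxy/certificates and the /check endpoint come from the fragment; the node addresses, the 8443 port for the unprivileged-install bind, the Host header on the health check, the CA file used to verify the cluster nodes, and the cipher list (the page's own list is truncated) are assumed. It also disables TLS 1.1, which the page's bind line does not.

```haproxy
# Added example built around the bind line and health check on this page.
# Assumed: 10.0.0.x node addresses, port 8443 for the unprivileged bind, the
# Host header on the check, the backend CA file, and the cipher list.
global
    log /dev/log local0
    # Apply the protocol floor to every bind line, so a later bind that
    # forgets no-sslv3 no-tlsv10 cannot silently reopen the old versions.
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    tune.ssl.default-dh-param 2048

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client 60s
    timeout server 60s

frontend phantom_https
    # The page's bind line, with TLS 1.1 disabled as well.
    bind *:443 ssl crt /etc/haproxy/certificates no-sslv3 no-tlsv10 no-tlsv11
    # For unprivileged installs, add another declaration on the custom
    # HTTPS port (8443 is assumed here).
    bind *:8443 ssl crt /etc/haproxy/certificates no-sslv3 no-tlsv10 no-tlsv11
    http-response set-header Strict-Transport-Security "max-age=31536000"
    default_backend phantom_nodes

backend phantom_nodes
    balance roundrobin
    # Health check from the page. The Host header is assumed: HTTP/1.1
    # requires one, and the page's line is cut off after the version.
    option httpchk GET /check HTTP/1.1\r\nHost:\ phantom
    http-check expect status 200
    # Re-encrypt to the cluster nodes and verify their certificates against
    # an assumed internal CA instead of turning verification off.
    server phantom1 10.0.0.11:443 check ssl verify required ca-file /etc/haproxy/phantom-ca.pem
    server phantom2 10.0.0.12:443 check ssl verify required ca-file /etc/haproxy/phantom-ca.pem
```

Validate the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading: a cipher name or option that the installed HAProxy build does not recognise is reported there rather than at the first client connection.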
I am trying to learn Phantom app development using an on-prem Phantom installation, and have come across really weird behavior with adding data to action_results. It makes sense that I might want to do something like:

and expect to get an action result with 4 entries. Instead, what results is that I get an action result with 4 duplicates of the above data, effectively 16 entries:

To me this is weird, but since this is in my own app I just have to find ways to get around it. Maybe this is intended behavior? However, this behaviour also exists in all the other apps, such as the Splunk app. If I use the Splunk app to make a search against my Splunk instance, say with the query
