Which of the following is a step when configuring event forwarding from Splunk to Phantom?
A. Map CIM to CEF fields.
B. Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
C. Map CEF to CIM fields.
D. Create a saved search that generates the JSON for the new container on Phantom.
Answer: B
Explanation:
A step when configuring event forwarding from Splunk to Phantom is to create a Splunk alert that uses the event_forward.py script to send events to Phantom. The script converts the Splunk events to CEF format and sends them to Phantom as containers. The other options are not valid steps for event forwarding. See "Forwarding events from Splunk to Phantom" for more details.
Configuring event forwarding from Splunk to Phantom typically involves creating a Splunk alert that leverages a script (like event_forward.py) to automatically send triggered event data to Phantom. This setup enables Splunk to act as a detection mechanism that, upon identifying notable events based on predefined criteria, forwards these events to Phantom for further orchestration, automation, and response actions. This integration streamlines the process of incident management by connecting Splunk’s powerful data analysis capabilities with Phantom’s orchestration and automation framework.