Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Phantom health alert notification

harishlnu
Engager
3 weeks ago

Hi team,

 

Could you please help me on how to get health alert notification in phantom.

Thanks in advance.

 

Regards,

Harisha

Labels (1)
Labels
0 Karma
Reply

venkatasri
SplunkTrust
SplunkTrust
3 weeks ago

Hi @harishlnu 

One of the ways is using Rest API - /rest/health of SOAR - status field contains all the daemons health information and additional info on resource utilization.

https://docs.splunk.com/Documentation/SOAR/current/PlatformAPI/RESTInfo#.2Frest.2Fhealth

To monitor I would run an external script or if you are using Splunk Enterprise - by using | restsoar command you can call the above Rest API and create an alert.  You should install official  https://splunkbase.splunk.com/app/6361 Splunk App for SOAR to use  | restsoar command.

--------

Srikanth Yarlagadda

 

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...