Richard Devera

Integration with Splunk Phantom

Discussion created by Richard Devera Employee on Dec 26, 2018
Latest reply on Dec 27, 2018 by Richard Devera

In an effort to start building the Check Point/Phantom ecosystem, I'm posting an integration document I created to share with the community, and to understand the need to increase our footprint with Phantom (now Splunk Phantom). I have a GitHub site set up to collect playbooks, JSON, RPMs, and Python files (see below). The document is still in draft and currently under review, and I will welcome any feedback. The document is an integration guide and is not the authority nor a tutorial for Phantom. The Phantom management portal has very extensive documentation.

 

The document was written with R80.10, but I'm currently testing R80.20M2 with this as the API features are much more extensive.

 

The R80 REST API is very powerful and will continue to have features added in future releases.  

 

 

 

GitHub: rickdevera/phantom-checkpoint

 

automation

 

/richard devera
