Install: TruSTAR for Splunk Phantom Cyber

Updated 1 month ago by TruSTAR

This document explains how to install the TruSTAR Workflow App for Splunk Phantom Cyber. You can use this App to set up Phantom Cyber orchestration playbooks that utilize the context of TruSTAR’s Intelligence Reports and Indicators.


Installing the App

The certified TruSTAR Workflow App is available for direct download through the Phantom app store. TruSTAR recommends this process rather than manually installing it.

If you cannot download the app from the Phantom app store, you can manually install it using directions in the TruSTAR for Phantom FAQ.

Configuring the App

  1. Enter the required information in the Asset Info tab.
  2. Click the Asset Settings tab and enter the following information:
  • URL:
  • OAuth client ID and secret key- Your TruSTAR API credentials (Finding your API Keys)
  • Enclave IDs: All the enclave IDs that you would like to either submit reports to or search through when using the Workflow App (Finding Enclave IDs)
  1. Click the TEST CONNECTIVITY button. If the test fails, recheck your credentials. If the test still fails, contact for assistance.
  2. Click the SAVE button to save configuration details.
  3. Click the Ingest Settings tab.
  4. Change any settings, as required for your environment.
  5. Click SAVE to save any changes you made.

How Did We Do?