A user wants to use their Splunk Cloud instance as the external Splunk instance for Phantom. What ports need to be opened on the Splunk Cloud instance to facilitate this? Assume default ports are in use.
Which of the following will show all artifacts that have the term results in a filePath CEF value?
Where in SOAR can a user view the JSON data for a container?
If no data matches any filter conditions, what is the next block run by the playbook?
When is using decision blocks most useful?
Which is the primary system requirement that should be increased with heavy usage of the file vault?
Which of the following actions will store a compressed, secure version of an email attachment with suspected malware for future analysis?
Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?
When writing a custom function that uses regex to extract the domain name from a URL, a user wants to create a new artifact for the extracted domain. Which of the following Python API calls will create a new artifact?
Within the I2A2 design methodology, which of the following most accurately describes the last step?
Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?
Is it possible to import external Python libraries such as the time module?
When analyzing events or working on a case, significant items can be marked as evidence. Where can all of a case's evidence items be viewed together?
Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?
Which of the following is a step when configuring event forwarding from Splunk to Phantom?
How is it possible to evaluate user prompt results?
What is the default embedded search engine used by SOAR?
Without customizing container status within SOAR, what are the three types of status for a container?
A user wants to get the playbook results for a single artifact. Which steps will accomplish this?
What users are included in a new installation of SOAR?
What metrics can be seen from the System Health Display? (select all that apply)
A filter block with only one condition configured which states: artifact.*.cef.sourceAddress != , would permit which of the following data to pass forward to the next block?
Which of the following can be done with the System Health Display?
Which of the following roles is appropriate for a Splunk SOAR account that will only be used to execute automated tasks?
The SOAR server has been configured to use an external Splunk search head for search and searching on SOAR works; however, the search results don't include content that was being returned by search before configuring external search. Which of the following could be the problem?
Under Asset Ingestion Settings, how many labels must be applied when configuring an asset?
Which of the following queries would return all artifacts that contain a SHA1 file hash?
Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?