Notifications
Clear all
Topic starter
04/11/2022 5:20 am
Which of the following is a step when configuring event forwarding from Splunk to Phantom?
- A . Map CIM to CEF fields.
- B . Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
- C . Map CEF to CIM fields.
- D . Create a saved search that generates the JSON for the new container on Phantom.
Suggested Answer: C