I work in an environment where there are different projects for different developers. I want each project to receive events from Splunk (enterprise) alerts to Phantom, and for the developers to create their own saved search exports, however, don't want them to see each other's export details.
So basically my problem is that if I give their Splunk users permissions to the Phantom app then they can see all of the exports, and I can't be the one that creates all of their exports because each project has dozens.
Is there maybe a more efficient way to send events from Splunk enterprise to Phantom without using the exports?
Thank you for your help.
... View more