When paired with the Splunk Cortex® Xpanse™ Technical Add-on (TA), the Cortex Xpanse Phantom App lets Splunk users consume Cortex Xpanse data to generate new events and cases based on your priorities automatically.

The Phantom app also lets users run enrichment commands to ingest additional data from Cortex Xpanse into Phantom. Users can automate these commands as part of a playbook or provide ad-hoc enrichment during event/case investigations.

For more information, see this blog post announcing the Cortex Xpanse-Splunk Phantom integration.