Splunk Exam SPLK-2003 Topic 1 Question 35 Discussion

Actual exam question for Splunk's SPLK-2003 exam

Question #: 35
Topic #: 1

Which of the following is a step when configuring event forwarding from Splunk to Phantom?

AMap CIM to CEF fields.

BCreate a Splunk alert that uses the event_forward.py script to send events to Phantom.

CMap CEF to CIM fields.

DCreate a saved search that generates the JSON for the new container on Phantom.

Show Suggested Answer

Suggested Answer: C

by Delisa at Feb 09, 2024, 03:17 PM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!