The correct answer is C because configuring Phantom search to use an external Splunk server allows
you to automate Splunk searches within Phantom using the run query action. This action can be used
to run any Splunk search command on the external Splunk server and return the results to Phantom.
You can also use the format results action to parse the results and use them in other blocks.
See Splunk SOAR Documentation for more details.
Configuring Phantom (now known as Splunk SOAR) to use an external Splunk server enhances the
automation capabilities within Phantom by allowing the execution of Splunk searches as part of the
automation and orchestration processes. This integration facilitates the automation of tasks that
involve querying data from Splunk, thereby streamlining security operations and incident response
workflows. Splunk SOAR's ability to integrate with over 300 third-party tools, including Splunk,
supports a wide range of automatable actions, thus enabling a more efficient and effective security
operations center (SOC) by reducing the time to respond to threats and by making repetitive tasks
more manageable
https://www.splunk.com/en_us/products/splunk-security-orchestration-and-automationfeatures.html
