System requirements for production use

Systems for production must meet or exceed the listed requirements:

System Area Requirement
Operating system

Any of the supported operating systems.

Processor1 server-class CPU, 4 to 8 cores
MemoryMinimum of 16GB RAM, 32GB recommended
StorageSplunk SOAR (On-premises) needs storage for multiple volumes:
  • Splunk SOAR (On-premises) home directory also known as <$PHANTOM_HOME>: 500GiB
    • mounted as either /opt/phantom/ or as <$PHANTOM_HOME>
  • Phantom data: 500GiB
    • mounted as either /opt/phantom/data or <$PHANTOM_HOME>/data
      The PostgreSQL database will be stored underneath the Phantom Data mount at: <$PHANTOM_HOME>/data/db
  • File share volumes: 500GiB
    • mounted as /opt/phantom/vault or <$PHANTOM_HOME>/vault

Disk space requirements vary depending on the volume of data ingested and the size of your production environment.

NetworkA one-gigabit network interface
System utilities
  • cron
    • The user account that runs Splunk SOAR (On-premises) must have permission to create cron jobs.
  • ntp or chrony
CAUTION: If you use the Files feature to store virtual machine snapshots or other large-format data, it is recommended you use a larger volume for storage.