Playbooks execute a series of actions across your security tools in seconds, versus hours or longer if performed manually.
Playbooks automate security actions at machine speed. You can also create custom apps using the App Wizard. Through Apps, Phantom directs your other security tools to perform “actions.” Phantom’s App model supports 300+ tools and 2000+ APIs, so you can connect and coordinate workflows across your team and tools.
Phantom’s Main Dashboard provides an overview of all your data and activity notable events and their severity playbooks connections with other security tools team workloads and a summary of ROI from automated actions.Īpps are the integration points between Splunk Phantom and your other security technologies. This blog is an introduction to Splunk Phantom’s features and capabilities, supported by a series of short videos entitled “SOAR in Seconds.” If you’re new to SOAR tools or Splunk Phantom, we hope these videos will set you up for success. Splunk’s SOAR tool, Splunk Phantom, combines security infrastructure orchestration, automation, threat intelligence, and case management capabilities to streamline your team, processes and tools. By automating a majority of alert triage and incident response, this frees up time for security teams to focus on mission-critical tasks.
#SPLUNK PHANTOM SOAR MANUAL#
A SOAR tool can orchestrate security actions (like investigations, triage, response) across various security products in a team’s arsenal, and automate otherwise manual repetitive security tasks. There’s a lot to love about a Security Orchestration, Automation and Response (SOAR) tool.
0 kommentar(er)
