Introducing the Splunk Phantom Platform Version 4.0

We’re excited to announce that a new release of the Splunk Phantom platform, version 4.0, is now available! Phantom is a security orchestration, automation, and response (SOAR) platform designed to help customers dramatically scale their security operations. With Phantom, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting.

This is the first release of Phantom since the team became part of Splunk earlier this year, and we’re happy to include a fresh coat of paint in Splunk style across the Phantom user interface to celebrate our coming together. The release also includes major new functionality throughout.

Key highlights of what’s new in Splunk Phantom 4.0 include:

  • Clustering support for added performance and redundancy

  • Indicator View for threat intelligence style analysis

  • Native Splunk search support

The release also includes numerous other enhancements to the functionality of the platform and the user experience.

Clustering Support

Clustering support enables Phantom to scale horizontally using additional instances for added performance and redundancy. Performance scalability is achieved by distributing workloads among multiple nodes of a Phantom cluster. Redundancy of the system is increased by replicating data across nodes of a cluster to ensure the continuity of your mission-critical security operations.

Indicator View

The all-new Indicator View provides a new and important way to visualize security data on the Phantom platform. Data in the view is organized by indicator rather than by event, for easier threat-intelligence style analysis. Indicators include IP addresses, file hashes, domain names, and any other defined artifact field.

Splunk Search

Splunk is now the default search engine shipped with the Phantom product. Users are able to use their existing or new external Splunk instances to achieve a single source for security data storage. The Elasticsearch engine remains an external option for those who prefer to use it.

Get the Splunk Phantom 4.0 Release!

There's much more to the Splunk Phantom 4.0 release, but hopefully we’ve piqued your interest enough to download the latest release so that you can experience it yourself! If you’re not already a member of the Phantom Community, you can sign up and gain access to the FREE Community Edition, as well as other community resources to help you in your security operations journey. Visit https://www.phantom.us/download to get started.


Posted by Chris Simmons