Automation Made Easy: What’s New with Splunk Phantom

The Splunk Security Team is excited to share some of the new and enhanced capabilities of Splunk Phantom, Splunk’s security orchestration, automation and response (SOAR) technology. Phantom’s latest update (v4.10) makes automation implementation, operation and scaling easier than ever for your security team. Using automation, you can more efficiently address the ever-increasing volume of security events your SOC receives each day, reduce mean time to detect (MTTD) and mean time to respond (MTTR), and optimize your security operations. 

Let’s Take a Look at Some of the Recent Innovations: 

  • Custom Functions: Phantom’s custom functions make playbook creation and execution faster and easier. Leverage our out-of-the-box library of custom functions for quick deployment, and easily reuse them across multiple playbooks to minimize playbook development time and automate additional security processes. Check out our on-demand webinar, "Splunk Phantom: Put the Fun in Custom Functions," to learn more.

  • Modular Workbook Development: Phantom’s modular workbooks allow you to effortlessly adapt your security operations workflow. Rather than trying to create all-encompassing end-to-end workbooks that strictly define every single task, modular workbooks allow you to create task modules and combine them in different ways to complete your investigation process. This not only enables more dynamic run-time assignment but also makes workbooks more adaptable and scalable across a variety of use cases. Check out our on-demand webinar “Adaptable Incident Response with Splunk Phantom Modular Workbooks” to learn more.

  • Python 3: Phantom is now Python 3-enabled for custom functions and playbooks. With the release of Phantom 4.10, you have access to conversion scripts that easily allow you to convert your existing Python 2 content, making this change an easy feat. For step-by-step instructions, check out our documentation here.

  • 508 Compliance: We’re excited to announce that Phantom has achieved 508 compliance, ensuring that the Phantom platform is more accessible to those with disabilities. In adherence to Section 508, we implemented keyboard navigation, high contrast buttons and links, and additional support for screen reader technology. We hope that these changes make the Phantom experience easier, more efficient and inclusive. 

  • Markdown Support for Prompts: 4.9 introduced markdown support for a variety of different areas of the product, and 4.10 continues this by extending markdown to playbook prompts. It’s easy to include stylized text, URLs, images and more when soliciting information from users or when providing responses back.

  • Data Retention: Before v4.10, data retention involved managing multiple scripts and cron jobs to age out old data. We’ve created a centralized management script for handling data retention strategies for containers, indicators, audit data, device profiles, notifications and playbook run logs. You’ll now be able to easily define maximum data age for each data type with a single CLI command. With Phantom’s updated data retention feature, managing disk space has become significantly easier.

Security automation is now easier than ever — see all of these capabilities in action in this webinar.

To learn more about Splunk Phantom, watch a demo or sign up for the Free Community Edition of Splunk Phantom to begin your automation journey today.

Already a current Phantom user? Check out the 4.10 Release Notes or download Phantom v4.10 to take advantage of the latest updates.

Posted by

Olivia Courtney

As a proud member of the Gator Nation (Go Gators), Olivia graduated from the University of Florida with a degree in Telecommunication News and Broadcasting. From there, she moved to the Big Apple with a TV production job at The Today Show! Three years later, she thought "why not?", moved to California, and discovered Splunk. Olivia started on the Global Event Marketing team learning the ins & outs of the tech world, where she fell in love with Security. Now, she's using her creative production skills to help her awesome team get Splunk's Security Product messaging out to the world.
