Phantom

Harness the full power of your existing security investments. With Splunk Enterprise Security and Phantom, you can execute actions in seconds instead of hours or more if performed manually.

PHANTOM FEATURES
The Phantom Security Operations Platform supports six key functions in the SOC to help you work smarter, respond faster, and strengthen your defenses.

Automation

Phantom enables you to work smarter by executing actions across your security infrastructure in seconds, versus hours or more if performed manually. Codify your workflows into automated playbooks using our visual editor (no coding required) or the integrated Python development environment.

 

Reporting & Metrics

Reporting and Metrics provide human oversight and auditing capabilities. Dashboards consolidate all critical information needed to understand the current state of your security operations. Reports provide executive level and detailed technical reporting for any event or case.

 

Orchestration

Phantom’s flexible app model supports hundreds of apps and thousands of APIs, enabling you to connect and coordinate complex workflows across your team and tools. Powerful abstraction allows you to focus on what you want to accomplish, while the platform translates that into tool-specific actions.

 

Case Management

Confirmed events can be aggregated and escalated to Cases within Phantom. Customize one of our Case Templates or create your own that model your standard operating procedures, allowing you to efficiently track and monitor case status and progress.

 

Collaboration

In-context collaboration allows you to stay focused on your current mission. From integrated chat to shared case notes, Phantom helps you increase situational awareness and drive efficient communications across your team. Mission Guidance and Mission Experts augment your team with helpful suggestions.

 

Event Management

Use Splunk Enterprise Security with Phantom to triage events or other security objects in an automated, semi-automated, or manual fashion. You can review event details, enrich events with contextual information, and act rapidly.