Mission Control brings event data and SOC tools together into one consolidated view. A part of the Phantom Platform’s event and case management capabilities, Mission Control enables an analyst to efficiently understand, investigate, decide, and act on an event. The interface includes access to all event activity history, contextual and interactive data views, a digital vault for attachments, and fully integrated automation and case management controls. Mission Control was designed to enable you to quickly pivot around event data, eliminating constant switching between different screens and tools.
Mission Guidance is an intelligent assistant that’s fully integrated into Mission Control. It supports security operations analysts by offering suggestions to help investigate, contain, eradicate, and recover from a security event. It works by mapping security event data to your currently configured SOC tools and playbooks. Mission Guidance recommendations help educate newer analysts on steps to take and validate the choices of more experienced analysts.
The Activity Feed in the Mission Control interface displays all current and historical action and playbook activity that has acted on the currently displayed event. This allows you to quickly see the success, ongoing execution, and results of all automation operations for the event. The Activity Feed also provides team collaboration capabilities that are integrated inline with automation details and other data, forming a record of all relevant event information.
Case Management is fully integrated into Mission Control, allowing you to easily promote a verified event to a case. It also allows continued access to all tools, features, and data available in Mission Control. Case Management extends Mission Control by adding case tasks that map to your defined Standard Operating Procedures (SOPs). Moreover, Case Management has full access to the Phantom Automation Engine, allowing you to launch actions and playbooks as part of a task.
Case Templates allow you to codify your SOPs into case management workflows. Phantom supports custom and industry-standard templates, like the included NIST-800-61 template for incident response. You are able to divide tasks into phases (e.g., detection, analysis, containment, eradication, and recovery), assign tasks to team members, document work, and more. You can also embed automation actions and playbooks directly into the templates that you define.