Phantom Mission Control
Phantom Mission Control brings event data and SOC tools together into one consolidated view. A part of the Phantom Platform’s event and case management capabilities, Phantom Mission Control enables an analyst to efficiently understand, investigate, decide, and act on an event. The interface includes access to all event activity history, contextual and interactive data views, a digital vault for attachments, and fully integrated automation and case management controls. Phantom Mission Control was designed to enable you to quickly pivot around event data, eliminating constant switching between different screens and tools.
Phantom Mission Guidance
Phantom Mission Guidance is an intelligent assistant that’s fully integrated into Phantom Mission Control. It supports security operations analysts by offering suggestions to help investigate, contain, eradicate, and recover from a security event. It works by mapping security event data to your currently configured SOC tools and playbooks. Phantom Mission Guidance recommendations help educate newer analysts on steps to take and validate the choices of more experienced analysts.
The Activity Feed in the Phantom Mission Control interface displays all current and historical action and playbook activity that has acted on the currently displayed event. This allows you to quickly see the success, ongoing execution, and results of all automation operations for the event. The Activity Feed also provides team collaboration capabilities that are integrated inline with automation details and other data, forming a record of all relevant event information.
Case Management is fully integrated into Phantom Mission Control, allowing you to easily promote a verified event to a case. It also allows continued access to all tools, features, and data available in one interface. Case Management supports case tasks that map to your defined Standard Operating Procedures (SOPs). Moreover, Case Management has full access to the Phantom Automation Engine, allowing you to launch actions and playbooks as part of a task.
Workbooks allow you to codify your SOPs into reusable templates. Phantom supports custom and industry-standard workbooks, like the included NIST-800-61 template for incident response. You are able to divide tasks into phases (e.g. detection, analysis, containment, eradication, and recovery), assign tasks to team members, document work, and more. You can also embed automation actions and playbooks directly into the workbook templates that you define.