Splunkのトレーニング + 認定

Developing Phantom Playbooks

Course Description

This two virtual-day course prepares IT and security practitioners to
plan, design, create and debug playbooks for Phantom.

Instructor-led Training Schedule

Course Prerequisites

Classes:
  • Phantom Administration
Skills:
  • Experience with Python Programming

Course Topics

  • Automation best practices
  • The visual playbook editor
  • Using actions and decisions
  • Using action results
  • Testing and debugging playbooks
  • User interaction
  • Direct code editing
  • Output formatting
  • Complex logic
  • Interacting with artifacts
  • Using the vault in a playbook
  • Custom lists
  • External REST APIs

Course Objectives
 

Module 1 – Basic Playbooks
  • Understand automation best practices
  • Use the visual playbook editor
  • Use actions and decisions
  • Process action results
  • Test new playbooks
Module 2 – User Interaction
  • Interact with users during playbook execution
  • Format outputs
Module 3 – Advanced Playbooks
  • Complex logic
  • Calling other playbooks
  • Working with artifacts and files
Module 4 – Custom Code
  • Edit the global block
  • Use custom functions
  • Using callbacks and scheduled actions
Module 5 – Custom Lists
  • Custom list concepts
  • Create custom lists
  • Access lists from playbooks
Module 6 – REST API
  • External REST API concepts
  • Use authentication tokens
  • Format query strings
  • Access custom lists via REST
  • Create containers and artifacts via REST
  • Running actions and playbooks via REST
  • REST importers