Administering Phantom

Instructor-led Training Schedule

Course Objectives
 

Module 1 – Introduction & Concepts

• Describe Phantom operating concepts
• Identify documentation and community resources
• Identify installation options
• Perform initial configuration
• Configure multi tenancy to enable use of Phantom by multiple teams

Module 2 – Installation

• Deployment planning
• Pre-installation steps
• Identify installation options
• Upgrading Phantom

Module 3 – Initial Configuration

• Product settings
• Access control
• Authentication settings
• Response settings

Module 4 – Apps and Assets

• Describe how apps and assets work in Phantom
• Add and configure new apps
• Configure assets

Module 5 – Data Ingestion

• Assets as data sources
• Configuring data polling
• Labels and tags
• Data ingestion management
• Event settings

Module 6 – Containers and Events

• Work with the analyst queue
• Filtering and sorting
• Using search
• Container export and import
• Aggregation settings

Module 7 – Mission Control 

• Use Mission Control to work on events
• Use indicators to find matching artifacts in multiple events
• Manually run actions and examine action results
• Manually run playbooks
• Use the vault to store related files
• Using the heads-up display
• Using notes

Module 8 – Case Management and Workflows

• Use case management for complex investigations
• Use case workflows
• Define new workflows
• Customize case management

Module 9 – Multi tenancy and Clustering

• Define clustering best practices
• Configure multi-server Phantom clusters
• Configure multi-tenancy

Module 10 – Maintenance and reporting

• Run reports
• Use Phantom audit tools
• Monitor system health