Splunk phantom python
Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan.

The Phantom platform can automatically gather threat intelligence for you and enrich inbound security events. This example examines one of the sample playbooks included with the Phantom 2.0 platform release.

[Figure: Screenshot from the Phantom platform’s new visual playbook editor.]

As shown in the above diagram, the Phantom platform ingests a security event from your infrastructure and triggers the Event Investigation playbook, automating 19 common investigation steps:

- hunt ip – Look for IP information within a threat intelligence database.
- hunt file – Look for a file in a threat intelligence database.
- hunt domain – Look for a domain in a threat intelligence database.
- geolocate ip – Query a geolocation service for IP location.
- ip reputation – Query a reputation service for IP reputation.
- file reputation – Query a reputation service for file reputation.
- domain reputation – Query a reputation service for domain reputation.
- detonate url – Load a URL in a sandbox and retrieve the analysis results.
- get file info – Retrieve information about a file.
- get file – Download a sample from a repository.
- detonate file – Execute a file in a sandbox and retrieve the analysis results.

With the added context on hand you can reduce redundant steps in your investigations, achieve faster decision making, and improve your overall productivity.