This article is a part of a series describing key features of the Phantom Security Automation and Orchestration platform and how they work to improve the analyst experience and drive greater efficiency within the SOC. Introduction: Analysts are easily overwhelmed in a SOC environment that uses many disparate tools. In fact, some SOCs have over … Continue reading Mission Control: On-Demand Action Execution
Sometimes the easiest way to gain a foothold on a corporate network is to place a Wireless Access Point (WAP) right outside the door and wait to see who connects to it. Other times, the easiest way into a network is to drive by (literally) and monitor for networks that are not using modern security protocols. Either way, it helps to know what wireless networks are in the range of your office and whether they are official corporate WAPs. There are many ways to do this, but in this example, we dusted off a Raspberry Pi 3 and took it for a spin around the office to see what WAPs were broadcasting in our vicinity.
When analysts are working to understand, investigate, decide, and act on a security event, they need a view where all collected evidence for the event is easily accessible. The artifact table in Mission Control provides this view for Phantom users. It makes data quick and easy for an analyst to access and operate on.
A common security operations task involves investigating newly discovered servers on an organization's network. Whether the server is detected by a scanning system or by a network detection system, the playbook below is triggered into action once a ticket is created to investigate the newly discovered server.
Team Phantom is excited to announce that version 3.0 of the Phantom Platform is now Generally Available (GA)! This release significantly improves an analyst's experience with the platform, while also helping to improve key Security Operations Center (SOC) metrics like Mean Time to Resolution (MTTR). With hundreds of enhancements and upgrades, you'll notice improvements that … Continue reading Announcing Phantom 3.0: Improved Efficiency and Collaboration, Fully-Integrated Case Management, Mission Guidance™, and More!
This month we would like to congratulate Drew Snellgrove with GE as the Phantom Community Contributor of the Month for July 2017. Drew contributed a significant amount of valuable feedback during a recent beta program. His input has helped the Phantom team build a quality platform that every community member will benefit from.
This blog entry continues an ongoing series of articles describing Phantom Playbooks, which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom Platform. In May of 2017, Phantom's Co-Founder and CTO Sourabh Satish held two consecutive Tech Sessions covering capabilities of the Phantom … Continue reading Playbook: Using Filters, Decision-Making Logic, Custom Lists, User Prompts, and Scheduled Actions