You may have noticed the Safe Mode switch in Phantom. It’s new in 2.0 and a great way to experiment with automation & orchestration; like learning to ride a bike with training wheels. It’s a great way to find your balance without hurting yourself.
If you already use Phantom, then you know that Apps & Playbooks work together like an “operating system” to automate & orchestrate the security products you own. If you are new to Phantom, then you can read more about Apps & Playbooks here.
Phantom Apps & Playbooks call actions on the security products that you’ve connected to Phantom. Apps have actions that are either readable or writeable (i.e. they can cause a persistent change). Phantom supports more than 125 actions. Examples include: block ip, disable user, geolocate ip, and detonate file.
Safe Mode restricts Playbooks to ONLY execute readable actions. Writeable actions are ignored, thereby preventing accidental harm when you are experimenting with with automation & orchestration. It’s a great way to try complex enrichment & investigative Playbooks with full decision making. You can use the results of the actions, but not actually execute any containment or remediation actions that could potentially disrupt operations while you are experimenting.
Safe Mode does not simulate writeable actions. So if a Playbook has actions dependent on the results of certain writeable actions, then they will not be executed since these actions are ignored in Safe Mode.
VP, Products & Marketing
Phantom, which was recognized as the most innovative company at the 2016 RSA Conference, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.