Data Exfiltration Monitoring with Phantom, Ansible, and Cisco ACI

A great use case submitted by one of our top contributors in the community! Joel King of WWT built an automation that monitors for data exfiltration using Phantom, Ansible, and Cisco.

Joel submitted this as an entry in Round 2 of the Phantom App & Playbook Challenge.

An overview of the App, with links to a YouTube video clip and PowerPoint slides that document the use case, is here:

The source code and the .tgz file are in this GitHub repository:

Phantom is the first company to provide an open community for security automation and orchestration, and this is something we take very seriously. It’s one thing to talk about it, and it’s another to invest in it. There is still time to join the contest, which runs through December 2nd.

Don’t miss the chance to help protect your organization, showcase your skills, share with the community, and maybe win a $2,500 prize!

Just want to skip the contest and get access to the Community Edition?  (get Phantom)  Once you have an account, sign in to the portal and click “Learn” on the menu.  You’ll see full documentation, the knowledgebase, and helpful videos.

Have you been to a Phantom Tech Session?  We host them every two weeks.  Our next session on August 26th will focus on Joel’s winning entry in Round 1 of the contest (register).

Hope to see you in the Community!

CP Morey
VP, Products & Marketing

About Phantom:
Phantom, which was recognized as the most innovative company at the 2016 RSA Conference, automates and orchestrates key stages of security operations from prevention to triage and resolution, delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger, Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish, who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit:
