Top 3 Phantom Playbooks for 2016

The Playbook Series on our blog remains one of our most popular content features.  With dozens of posts in the series, we thought it would be interesting to showcase three of the most popular Phantom Playbooks from the year.

First up is the Ransomware Playbook.  Phantom can ingest either a suspicious file or file hash from your current security infrastructure to trigger the Ransomware Playbook, automating key investigation and containment steps:


Next on the list of the most popular Phantom Playbooks for 2016 addresses Phishing.  Phantom can ingest a suspicious email from your investigation queue (commonly an email mailbox on your mail server) and trigger the Phishing Playbook to automate 15 triage, investigation, and remediation steps:


Last on the list is a Phantom Playbook that can automatically gather threat intelligence for you and enrich inbound security events. With the added context on hand you can reduce redundant steps in your investigations, achieve faster decision making, and improve your overall productivity:


The new Playbook Editor in Phantom 2.0 made a significant leap forward in our mission to be the industry’s first, open, extensible, and community powered Security Automation & Orchestration platform – a technology that is core to building the next-generation SOC.  Watch this video to see how easy it is to build and customize Phantom Playbooks.

Interested in seeing how Phantom Playbooks can help your organization?  Get the free Phantom Community Edition, and attend one of our Tech Sessions to see Playbooks in action.

The use cases that can be addressed with Phantom Playbooks are nearly limitless.  Be sure to check the blog regularly for posts on other great Playbooks.

CP Morey
VP, Products & Marketing

Did you know that Phantom Playbooks are Python based? The Phantom platform interprets Playbooks in order to execute your mission when you see something that you want to take action on. They hook into the Phantom platform and all of its capabilities in order to execute actions, ensuring a repeatable and auditable process around your security operations.  Sample community Playbooks can be customized at will and are synchronized via Git and published on our public Community GitHub repository.  You can read more about the Phantom platform and Playbooks here.