Announcing Phantom 2.1 General Availability

Team Phantom is excited to announce the General Availability of our latest Phantom platform release, version 2.1!  

Here is a sample of what you’ll find.

Updated Dashboard Metrics and Executive Reporting

The main dashboard of the Phantom platform has been re-imagined and now includes more automation and usage metrics. From the platform dashboard, you can instantly see these metrics and more:

  • Amount of time saved by automation,
  • Number of Full-Time Equivalent (FTE) resources gained,
  • Money saved by automation,
  • Top Phantom playbooks executed,
  • Top Phantom actions executed,
  • Mean time to Resolution (MTTR),
  • Mean dwell time,
  • Mean time to triage,
  • Service Level Agreement (SLA) performance,
  • Alert arrival and closure counts.  

These metrics are also included with our new executive report.

Expanded Visual Playbook Editor Capabilities

There are now eight options for a new block of execution when drafting a playbook in the Phantom visual playbook editor:

  • Nested playbook execution
  • Execute an action
  • Apply a data filter
  • Insert a human prompt
  • Apply a decision block
  • Format data block
  • Task block
  • Phantom API block

There are several other enhancements to the visual playbook editor that provide significantly more functionality over previous releases, like support for: join operations on multiple actions, notes and descriptions for actions and blocks, and playbook import/export. Collectively the new editor enhancements further reduce or eliminate many scenarios requiring users to modify the underlying Python source code of Phantom playbooks.

Case Management

The new case management component gives analysts an in-platform escalation path for alerts managed within Phantom.  As alerts are examined manually through mission control or automatically by Phantom playbooks, relevant artifacts and action results can be attached to a case.  In addition to data aggregation, a case also manages the progression through your standard operating procedures (SOP), documenting work performed throughout the life of a case.  Customers can build their own SOP templates, use the stock SOP templates on the Phantom platform, or augment the stock templates.

Additional Enhancements

This release includes also includes additional enhancements derived from our valuable community members and customers.  

  • Streamlined Phantom app configuration with the ability to install updates and get new apps within the platform
  • Support for CyberArk, a 3rd-party Credential Management system
  • Proxy Support (with Multi-proxy Environment Support)
  • Enhanced search capabilities
  • Audit trails for changes to Phantom playbooks
  • New Automation APIs for Data Management
  • Enhanced Cloud Deployment (AWS)

Next Steps

For more information on the Phantom 2.1 release, refer to the release notes and product documentation on the Phantom community site.  

Download the release today from our community download page.

Rob Truesdell
Director, Product Management
Team Phantom