Announcing the Phantom 3.5 Security Operations Platform

Following a successful controlled release to the Phantom Community on February 22, we’re happy to announce that the 3.5 release of the Phantom Platform is now Generally Available (GA)!

With this release, we’re redefining how we talk about the Phantom Platform. Introducing the Phantom Security Operations Platform!  In step with our customer’s needs, the Phantom Platform has grown and today provides much more than Security Automation & Orchestration (SA&O) services. Over the past several releases, we’ve added fully-integrated case management, enhanced collaboration, improved metrics, and more. The Phantom Platform of today connects people, process, and tools across the Security Operations Center (SOC) to help teams meet the security challenges they face head-on.

With hundreds of enhancements and upgrades, you’ll notice improvements that span every area of the platform. As always, we are grateful to the Phantom Community and to our customers, who have inspired many of the latest platform enhancements.

Below are just some of the great new things you’ll find in Phantom 3.5.

Multi-Tenancy Support

Phantom 3.5 supports the ability to manage events and cases across multiple customers, departments, or other domains through the use of a tenant identifier.  This allows an analyst to view events spanning multiple tenants within a single screen, apply filters to drill into a view based on a specific tenant, then pivot directly into Mission Control to investigate and take action. Phantom Assets and Playbooks also use the multi-tenancy capabilities of the platform, enabling them to be isolated or shared across one or more tenants.  SLAs can also be configured on a per-tenant basis if desired.

User-Interface Enhancements

One of the first things you’ll notice is that we’ve added a dark-themed interface option. This theme provides a more consistent look-and-feel in environments that have adopted darker interfaces. We’ve also enhanced the visual playbook editor with improved function blocks and configuration screens that make building playbooks faster. Finally, we’ve added pre-configured and customizable filters that can be quickly saved, recalled, and applied to event queues.

Phantom Mission Experts™ Recommendations

Mission Experts extends the scope of Phantom Mission Guidance™ by recommending users of the platform (i.e. Mission Experts) who are best suited for processing or participating in an event or case. The Phantom Platform tracks and scores user activities to identify their strengths, which then helps determine which experts are recommended for particular events or cases.

Other Enhancements

  • Auto-Aggregation of Events and/or Cases
    • Users can create exact match rules or regular expressions (RegEx) to automatically aggregate incoming events with pre-existing events or cases.
  • Expanded Permissions for Roles
    • Role-based access controls can now be applied to playbook Git repositories.
  • Collaboration Enhancements
    • Mission Control now supports the ability to address and notify individuals using an @username convention.
  • Automation Enhancements
    • Synchronous playbook execution with callback support, allowing calls for nested playbook execution to complete before moving on to downstream actions in the action execution path.
  • Ingestion Enhancements
    • Ability to configure apps to ingest data on a predetermined schedule, in addition to the current interval-based polling method.
  • Case Management Enhancements
    • Ability to attach notes and files directly to a task within a case for added context is supported.
  • Authentication Enhancements
    • Single Sign-On is improved and we have added support for the Hashicorp third-party credential management system.

Learn More

Register and view the 22-Feb Phantom Tech Session where Phantom CTO and Co-Founder, Sourabh Satish, demonstrates all of the new/updated features and benefits of the Phantom 3.5 Platform.
Tech Session: Register to view on-demand

You can also catch our quarterly Phantom in Focus session on Thursday, March 08, 2018. Phantom CEO and Co-Founder Oliver Friedrichs will provide additional updates on the Phantom 3.5 release, along with his insights and perspectives on the security automation and orchestration market.
Phantom in Focus: Register to attend the live session

Download Phantom 3.5 Today

Whether you’re looking to update your current installation or gain access to the free Phantom Community Edition, you can download the new release from our community site, (registration required).

Have fun automating!
Team Phantom