Top Three Criteria: Orchestrator

This entry is the first in a series that outline key criteria to consider when evaluating Security Automation & Orchestration (SA&O) platforms. Here at Phantom, we define security orchestration as “the machine-based coordination of a series of interdependent security actions across a complex infrastructure.” Considering this definition, it’s easy to derive that one of the … Continue reading Top Three Criteria: Orchestrator

Using Custom Lists in Phantom Playbooks

Custom Lists are a powerful capability of the Phantom platform.  Customers typically use Custom Lists to maintain a dynamic list of items that persists on the platform. The function also commonly serves a caching mechanism to reduce overburdening a service. Custom Lists are available on-platform to playbooks and externally to third-party systems. In this blog entry, we will explore … Continue reading Using Custom Lists in Phantom Playbooks

App Spotlight: Farsight Security DNSDB—Incorporate DNS intelligence into automated investigations

The App Spotlight series highlights new or recently updated Phantom Apps. Today we’re highlighting the integration between Phantom’s Security Automation and Orchestration (SA&O) platform and the Farsight Security DNSDB threat intelligence solution. Two of the most popular investigational security actions automated with the Phantom platform are lookup ip, which provides reverse DNS information, and lookup … Continue reading App Spotlight: Farsight Security DNSDB—Incorporate DNS intelligence into automated investigations