This entry is the first in a series that outlines key criteria to consider when evaluating Security Automation & Orchestration (SA&O) platforms. Here at Phantom, we define security orchestration as “the machine-based coordination of a series of interdependent security actions across a complex infrastructure.” Considering this definition, it’s easy to derive that one of the … Continue reading Top Three Criteria: Orchestrator
Custom Lists are a powerful capability of the Phantom platform. Customers typically use Custom Lists to maintain a dynamic list of items that persists on the platform. The function also commonly serves as a caching mechanism to avoid overburdening a service. Custom Lists are available on-platform to playbooks and externally to third-party systems. In this blog entry, we will explore … Continue reading Using Custom Lists in Phantom Playbooks
In case you missed the 2017 RSA Conference, here are a couple of highlights from the Phantom perspective.
So what is a use case? What are the sections? I'm glad you asked. Here is my security version of a use case definition document...
Getting started with security automation begins with having the right objectives and goals in place. One of the keys to success is identifying the right use cases, complete with a prioritized roadmap of implementation and measurement. This article starts you on the journey, providing guidance for developing those use cases.
The App Spotlight series highlights new or recently updated Phantom Apps. Today we’re highlighting the integration between Phantom’s Security Automation and Orchestration (SA&O) platform and the Farsight Security DNSDB threat intelligence solution. Two of the most popular investigative security actions automated with the Phantom platform are lookup ip, which provides reverse DNS information, and lookup … Continue reading App Spotlight: Farsight Security DNSDB—Incorporate DNS intelligence into automated investigations
Your existing security infrastructure probably observes a lot of scanning, or reconnaissance, activity every day. While a great portion of this activity can be attributed to the background noise of the Internet, it can also be an early warning sign of a full-on attack. A classic problem for security teams is dealing with this type of … Continue reading Playbook Series: Triage Reconnaissance Alerts