Splunk SOAR (f.k.a. Phantom)

Discussions

Thread Info

Phantom Playbook calling playbook block synchronous

I have a top level playbook that calls two playbooks, on that does some analysis and the second one that promotes the...

by New Member in

Embed rich view in phantom custom app

We have a python script that basically does "ip address -> ... python-generated splunk calls + viz api calls -> url o...

by Explorer in

Create table of paramaterized links in Phantom

When looking at the result of a Phantom automation, say on IP1 & IP2 + User1 & User2, we'd like to also have a table ...

by Explorer in

Are there any locking or concurrency guarantees when playbooks are operating on a container?

Question: Are there any locking or concurrency guarantees when playbooks are operating on a container? Issue I am ...

by New Member in

Issue to Map fields between QRadar and Phantom

Hello, I'm using the QRadar integration on Phantom, and we can define the mapping between Phantom and QRadar.I got...

by New Member in

Example of how to investigate and remediate phishing emails with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to investigate and remediate phishing emails?

by Splunk Employee in

Example of how to hunt for threats with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to hunt for threats?

by Splunk Employee in

Example of how to protect an EC2 group from malicious traffic with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to protect an EC2 group from malicious traffic?

by Splunk Employee in

Example of how to determine if an IP address is malicious with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to determine if an IP address is malicious?

by Splunk Employee in

Example of how to automatically contain malicious insiders with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to automatically contain malicious insiders?

by Splunk Employee in

Example of how to investigate and remediate malware infections with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to investigate and remediate malware infections?

by Splunk Employee in

Example of how to prompt an analyst to block an endpoint with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to prompt an analyst to block an endpoint?

by Splunk Employee in

Example of how to investigate and contain ransomware with Splunk Phantom?

Does anyone have examples of how to use Splunk Phantom to investigate and contain ransomware?

by Splunk Employee in

How to block incoming traffic (source ip at FW policy) with phantom check point/ fortinet apps?

Hi all, I was testing out phanom to contain malicious IPs with my perimeter FWs.The problem is that it only block ...

by New Member in

Artifact is missing in event coming from QRadar

Event coming from QRadar is missing artifact. What should I check? If you need mapping,How do I map between phanto...

by New Member in

Get Updates on the Splunk Community!

Splunk SOAR (f.k.a. Phantom)

Discussions

Phantom Playbook calling playbook block synchronous

Embed rich view in phantom custom app

Create table of paramaterized links in Phantom

Are there any locking or concurrency guarantees when playbooks are operating on a container?

Issue to Map fields between QRadar and Phantom

Example of how to investigate and remediate phishing emails with Splunk Phantom?

Example of how to hunt for threats with Splunk Phantom?

Example of how to protect an EC2 group from malicious traffic with Splunk Phantom?

Example of how to determine if an IP address is malicious with Splunk Phantom?

Example of how to automatically contain malicious insiders with Splunk Phantom?

Example of how to investigate and remediate malware infections with Splunk Phantom?

Example of how to prompt an analyst to block an endpoint with Splunk Phantom?

Example of how to investigate and contain ransomware with Splunk Phantom?

How to block incoming traffic (source ip at FW policy) with phantom check point/ fortinet apps?

Artifact is missing in event coming from QRadar

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

EWS for Office 365 depreciation alternative

Passing in list of devices into Enrichment Playboo...

IOC Severity Determination in Playbook with Multip...

Hyperlink in send Email action body

Unable to load query json. Error: Error Message: E...