Phantom Workbooks allow you to codify your security standard operating procedures into reusable templates. Phantom supports custom and industry-standard workbooks that allow you to divide tasks into phases, assign responsibilities to team members, and document your work. However, no single end-to-end workbook can be a “one size fits all” for every investigation of a particular security incident. For instance, one phishing workbook cannot be expected to capture every possible permutation of tasks for every phishing investigation. Some real-time task modification may be required to adapt to unforeseen circumstances in the case.
That’s why we created “modular workbooks” that allow you to effortlessly adapt your security operations workflow. Rather than trying to create all-encompassing end-to-end workbooks that strictly define every single task, modular workbooks allow you to create task modules and combine them in different ways to complete your investigation process. This not only enables more dynamic run-time assignment, but makes workbooks more adaptable and scalable across a variety of use cases.
Tune in to this Tech Talk to:
Learn how Phantom can dynamically add tasks to your workbooks
Understand why workbooks might need to adapt during investigations
See modular workbook development in action and utilize these examples in your organization
Tech Talks conversations will live for two weeks after the talk. You can then continue the conversation in the tag Phantom on Splunk Answers.