Splunk Tech Talks
Deep-dives for technical practitioners.

Splunk SOAR Playbook – Malware Triage with Crowdstrike and Splunk Phantom

Splunk Employee
Splunk Employee

View our Tech Talk: Security Edition, Splunk SOAR Playbook – Malware Triage with Crowdstrike and Splunk Phantom

As security teams navigate the movement to remote work and the transition to cloud-hosted infrastructure, endpoint visibility remains a high priority for just about everyone. Whether we are monitoring a server in AWS or a remote employee’s laptop, cloud-native endpoint security platforms like CrowdStrike remain a vital part of our infrastructure. However, the enhanced visibility and machine learning detections of a tool like CrowdStrike do have the potential to overwhelm our security operations centers with an overabundance of alerts. When these alerts pile up, analysts need a way to quickly gather more information related to the threat, determine the risk level and respond immediately. That’s when an automation and orchestration tool can save the day. Splunk Phantom is a SOAR tool that can orchestrate decisions and actions to more quickly investigate, triage and respond to this high volume of alerts and reduce the manual burden of repetitive analysis.


The combination of Crowdstrike and Splunk Phantom allows for a smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. 

Tags (2)