![]() Use playbooks to automate analyst workflows in Splunk Phantom in Build Playbooks with the Visual Editor.How can Splunk Phantom be installed? in Install and Upgrade Splunk Phantom.Information about sharing data from Splunk Phantom. Information and instructions for performing backup and restore operations. How to add and configure apps and assets to provide actions in Splunk Phantom. Information and reports for monitoring the Splunk Phantom deployment. Settings related to user accounts, permissions, and authentication.Įnable or disable registered mobile devices. Settings to configure the organization, handling, and presentation. Settings for the Splunk Phantom product that apply to your deployment, such as clustering, multi-tenancy, and case management. Information about your company, contacts, and your Splunk Phantom license.Īll the settings to configure the behavior and appearance of Splunk Phantom. The following topics are discussed in this manual: This manual is intended to be used by the person or team administering the Splunk Phantom system. The Splunk Phantom platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools together. What's next for Meraki app for Splunk Phantomĭeployment by the WWT Meraki managed services team.Splunk Phantom is a world-class Security Orchestration, Automation, and Response (SOAR) system. The Splunk Phantom instance is deployed as an AWS instance, this app demonstrates integration of cloud managed services. The quarantine template can be applied without human intervention. Network with types camera cannot be bound to templates. for example: if you have correlation search in Splunk that alerts when phishing email is found. This workflow can execute without human intervention to the point of end-user notification and remediation. Phantom is mainly used to automate repetitive tasks. ![]() The results of these operations are returned to Phantom and logged. The second step is to bind a quarantine network template to the targeted network name. The first step is to locate the name of the network where the source MAC address is found. Splunk Phantom will invoke a playbook which executes the Meraki app after the container is created on Phantom. The CEF data is part of the Phantom container and artifact generated by a program using the Phantom Ingest SDK. ![]() From these tools, the source MAC address and other supporting information are populated into a Common Event Format (CEF) record. It is assumed the organization can identify the presence of unauthorized devices by way of log analysis or a host PC agent distributed scan. The Meraki app for Splunk Phantom uses the Meraki dashboard API to locate end-user devices within one or more organizations, networks / devices, and to bind a configuration template to a specified network.īy using the REST API of Splunk Phantom, security incidents (containers and artifacts) can be created and playbooks are programmatically initiated invoking the Meraki app functionality. The Meraki app for Splunk Phantom was enhanced to include a 'bind network' function, allowing the security operations team to specify the target network and the name of the quarantine template to apply to the teleworker. The security analyst(s) must quarantine the teleworker if unauthorized devices are discovered on the teleworker gateway. The firm requires stringent access controls of the devices (only corporate IP Phones and laptops) connected to the gateway. An investment management financial services company has increased their remote workers from 400 to 2,700 agents supported primarily by the Cisco Meraki Z3 Cloud Managed Teleworker Gateway. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |