Administering Phantom 4.10

Administering Phantom 4.10

Administering Phantom 4.10

Upcoming Classes

Online

Instructor-led online training

Location May 2021 Jun 2021 Jul 2021 Aug 2021 Sep 2021 Oct 2021 Nov 2021
EMEA UK Time - Virtual Jun 1 – Jun 2
Jun 14 – Jun 15
Jun 28 – Jun 29
 Jul 6 – Jul 7
Jul 20 – Jul 21
 Aug 3 – Aug 4
Aug 17 – Aug 18
 Sep 7 – Sep 8
Sep 21 – Sep 22
 Oct 5 – Oct 6
Oct 26 – Oct 27
AMER Pacific Time - Virtual Jun 1 – Jun 2
Jun 14 – Jun 15
 Jul 12 – Jul 13
Jul 19 – Jul 20
 Aug 9 – Aug 10
Aug 23 – Aug 24
 Sep 7 – Sep 8
Sep 20 – Sep 21
 Oct 4 – Oct 5
AMER Eastern Time - Virtual Jun 7 – Jun 8
Jun 21 – Jun 22
Jun 28 – Jun 29
 Jul 12 – Jul 13
Jul 26 – Jul 27
 Aug 2 – Aug 3
Aug 16 – Aug 17
Aug 30 – Aug 31
 Sep 13 – Sep 14
Sep 27 – Sep 28
 Oct 11 – Oct 12
Oct 25 – Oct 26
APAC Singapore - Virtual Jul 6 – Jul 7
 Aug 9 – Aug 10
 Oct 11 – Oct 12

Australia

Location May 2021 Jun 2021 Jul 2021 Aug 2021 Sep 2021 Oct 2021 Nov 2021
Ingeniq - Online Jun 28 – Jun 29
 Aug 19 – Aug 20

Summary

This 9 hour course prepares IT and security practitioners to install, configure and use Phantom in their environment and will prepare developers to attend the playbook development course.

Description

  • Phantom topics and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Events and containers
  • Investigation
  • Running actions and playbooks
  • Case management
  • Case workflows
  • Multi tenancy
  • Clustering

Duration

2 Days

Objectives

Module 1 – Introduction, Deployment and Installation
  • Describe Phantom operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • Phantom & Splunk Architectue
  • Splunk/Phantom relationships

Module 2 – Initial Configuration
  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Module 3 – Apps, Assets and Playbooks
  • Describe how apps and assets work in Phantom
  • Add and configure new apps
  • Configure assets
  • Manage playbooks

Module 4 – Ingesting Data
  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 5 – Analyst Queue
  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Module 6 – Investigation
  • Use the investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Module 7 – Actions, Playbooks and Files
  • Manually run actions and examine action results
  • Manually run playbooks
  • Use the vault to store related files

Module 8 – Case Management and Workbooks
  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Module 9 – Customization
  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Module 10 – Advance Topics
  • Run reports
  • Use Phantom audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server Phantom clusters
  • Configure multi-tenancy
  • Backup/restore

 

Prerequisites

Classes:

  • None

 

Onsite Training

For groups of three or more

Request Quote

Public Training

EMEA UK Time - Virtual

AMER Pacific Time - Virtual

AMER Eastern Time - Virtual

Chatswood, NSW

APAC Singapore - Virtual


Don't see a date that works for you?

Request Class

© 2005- Splunk Inc. All rights reserved.
Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © Splunk Inc. All rights reserved.