Administering Phantom 4.10

Administering Phantom 4.10

Administering Phantom 4.10

Upcoming Classes

Online

Instructor-led online training

Location Aug 2021 Sep 2021 Oct 2021 Nov 2021 Dec 2021 Jan 2022 Feb 2022
EMEA UK Time - Virtual Aug 3 – Aug 4
Aug 17 – Aug 18
 Sep 7 – Sep 8
Sep 21 – Sep 22
 Oct 5 – Oct 6
Oct 26 – Oct 27
 Nov 15 – Nov 16
 Dec 6 – Dec 7
 Jan 3 – Jan 4
Jan 17 – Jan 18
APAC Singapore - Virtual Aug 9 – Aug 10
 Oct 11 – Oct 12
 Nov 22 – Nov 23
 Jan 6 – Jan 7
AMER Pacific Time - Virtual Aug 9 – Aug 10
Aug 23 – Aug 24
 Sep 7 – Sep 8
Sep 20 – Sep 21
 Oct 4 – Oct 5
 Nov 15 – Nov 16
 Dec 13 – Dec 14
 Jan 17 – Jan 18
AMER Eastern Time - Virtual Aug 16 – Aug 17
Aug 30 – Aug 31
 Sep 13 – Sep 14
Sep 27 – Sep 28
 Oct 11 – Oct 12
Oct 25 – Oct 26
 Nov 1 – Nov 2
Nov 9 – Nov 10
Nov 29 – Nov 30
 Dec 6 – Dec 7
 Jan 3 – Jan 4
Jan 24 – Jan 25

Australia

Location Aug 2021 Sep 2021 Oct 2021 Nov 2021 Dec 2021 Jan 2022 Feb 2022
Ingeniq - Online Sep 6 – Sep 7
 Oct 19 – Oct 20

Summary

This 9 hour course prepares IT and security practitioners to install, configure and use Phantom in their environment and will prepare developers to attend the playbook development course.

Description

  • Phantom topics and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Events and containers
  • Investigation
  • Running actions and playbooks
  • Case management
  • Case workflows
  • Multi tenancy
  • Clustering

Duration

2 Days

Objectives

Module 1 – Introduction, Deployment and Installation
  • Describe Phantom operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • Phantom & Splunk Architectue
  • Splunk/Phantom relationships

Module 2 – Initial Configuration
  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Module 3 – Apps, Assets and Playbooks
  • Describe how apps and assets work in Phantom
  • Add and configure new apps
  • Configure assets
  • Manage playbooks

Module 4 – Ingesting Data
  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 5 – Analyst Queue
  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Module 6 – Investigation
  • Use the investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Module 7 – Actions, Playbooks and Files
  • Manually run actions and examine action results
  • Manually run playbooks
  • Use the vault to store related files

Module 8 – Case Management and Workbooks
  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Module 9 – Customization
  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Module 10 – Advance Topics
  • Run reports
  • Use Phantom audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server Phantom clusters
  • Configure multi-tenancy
  • Backup/restore

 

Prerequisites

Classes:

  • None

 

Onsite Training

For groups of three or more

Request Quote

Public Training

EMEA UK Time - Virtual

APAC Singapore - Virtual

AMER Pacific Time - Virtual

AMER Eastern Time - Virtual

Chatswood, NSW


Don't see a date that works for you?

Request Class

© 2005- Splunk Inc. All rights reserved.
Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © Splunk Inc. All rights reserved.