Administering Phantom 4.10

Administering Phantom 4.10

Administering Phantom 4.10

Upcoming Classes

Online

Instructor-led online training

Location Oct 2021 Nov 2021 Dec 2021 Jan 2022 Feb 2022 Mar 2022 Apr 2022
AMER Eastern Time - Virtual Nov 1 – Nov 2
Nov 9 – Nov 10
Nov 29 – Nov 30
 Dec 6 – Dec 7
 Jan 3 – Jan 4
Jan 24 – Jan 25
AMER Pacific Time - Virtual Nov 15 – Nov 16
 Dec 13 – Dec 14
 Jan 17 – Jan 18
EMEA UK Time - Virtual Nov 15 – Nov 16
 Dec 6 – Dec 7
 Jan 3 – Jan 4
Jan 17 – Jan 18
APAC Singapore - Virtual Nov 22 – Nov 23
 Jan 6 – Jan 7

Australia

Location Oct 2021 Nov 2021 Dec 2021 Jan 2022 Feb 2022 Mar 2022 Apr 2022
Ingeniq - Online Dec 2 – Dec 3

Summary

This 9 hour course prepares IT and security practitioners to install, configure and use Phantom in their environment and will prepare developers to attend the playbook development course.

Description

  • Phantom topics and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Events and containers
  • Investigation
  • Running actions and playbooks
  • Case management
  • Case workflows
  • Multi tenancy
  • Clustering

Duration

2 Days

Objectives

Module 1 – Introduction, Deployment and Installation
  • Describe Phantom operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • Phantom & Splunk Architectue
  • Splunk/Phantom relationships

Module 2 – Initial Configuration
  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Module 3 – Apps, Assets and Playbooks
  • Describe how apps and assets work in Phantom
  • Add and configure new apps
  • Configure assets
  • Manage playbooks

Module 4 – Ingesting Data
  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 5 – Analyst Queue
  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Module 6 – Investigation
  • Use the investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Module 7 – Actions, Playbooks and Files
  • Manually run actions and examine action results
  • Manually run playbooks
  • Use the vault to store related files

Module 8 – Case Management and Workbooks
  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Module 9 – Customization
  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Module 10 – Advance Topics
  • Run reports
  • Use Phantom audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server Phantom clusters
  • Configure multi-tenancy
  • Backup/restore

 

Prerequisites

Classes:

  • None

 

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

AMER Pacific Time - Virtual

EMEA UK Time - Virtual

APAC Singapore - Virtual

Chatswood, NSW


Don't see a date that works for you?

Request Class

© 2005- Splunk Inc. All rights reserved.
Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © Splunk Inc. All rights reserved.