Administering Phantom 4.10

Administering Phantom 4.10

Administering Phantom 4.10

Upcoming Classes

Online

Instructor-led online training

Location Feb 2021 Mar 2021 Apr 2021 May 2021 Jun 2021 Jul 2021 Aug 2021
AMER Eastern Time - Virtual Mar 1 – Mar 2
Mar 15 – Mar 16
Mar 22 – Mar 23
 Apr 5 – Apr 6
Apr 12 – Apr 13
Apr 26 – Apr 27
 May 3 – May 4
May 17 – May 18
 Jun 7 – Jun 8
Jun 21 – Jun 22
Jun 28 – Jun 29
 Jul 12 – Jul 13
Jul 26 – Jul 27
 Aug 2 – Aug 3
Aug 16 – Aug 17
EMEA UK Time - Virtual Mar 1 – Mar 2
Mar 15 – Mar 16
Mar 29 – Mar 30
 Apr 6 – Apr 7
Apr 20 – Apr 21
 May 4 – May 5
May 18 – May 19
 Jun 1 – Jun 2
Jun 14 – Jun 15
Jun 28 – Jun 29
 Jul 6 – Jul 7
Jul 20 – Jul 21
 Aug 3 – Aug 4
Aug 17 – Aug 18
AMER Pacific Time - Virtual Mar 8 – Mar 9
Mar 29 – Mar 30
 Apr 19 – Apr 20
 May 10 – May 11
May 24 – May 25
 Jun 1 – Jun 2
Jun 14 – Jun 15
 Jul 12 – Jul 13
Jul 19 – Jul 20
 Aug 9 – Aug 10
Aug 23 – Aug 24
APAC Singapore - Virtual Mar 8 – Mar 9
 Apr 6 – Apr 7
 May 11 – May 12
 Jun 8 – Jun 9
 Jul 6 – Jul 7
 Aug 9 – Aug 10

Summary

This 9 hour course prepares IT and security practitioners to install, configure and use Phantom in their environment and will prepare developers to attend the playbook development course.

Description

  • Phantom topics and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Events and containers
  • Investigation
  • Running actions and playbooks
  • Case management
  • Case workflows
  • Multi tenancy
  • Clustering

Duration

2 Days

Objectives

Module 1 – Introduction, Deployment and Installation
  • Describe Phantom operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • Phantom & Splunk Architectue
  • Splunk/Phantom relationships

Module 2 – Initial Configuration
  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Module 3 – Apps, Assets and Playbooks
  • Describe how apps and assets work in Phantom
  • Add and configure new apps
  • Configure assets
  • Manage playbooks

Module 4 – Ingesting Data
  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 5 – Analyst Queue
  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Module 6 – Investigation
  • Use the investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Module 7 – Actions, Playbooks and Files
  • Manually run actions and examine action results
  • Manually run playbooks
  • Use the vault to store related files

Module 8 – Case Management and Workbooks
  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Module 9 – Customization
  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Module 10 – Advance Topics
  • Run reports
  • Use Phantom audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server Phantom clusters
  • Configure multi-tenancy
  • Backup/restore

 

Prerequisites

Classes:

  • None

 

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

EMEA UK Time - Virtual

AMER Pacific Time - Virtual

APAC Singapore - Virtual


Don't see a date that works for you?

Request Class

© 2005- Splunk Inc. All rights reserved.
Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © Splunk Inc. All rights reserved.