Advanced Phantom Implementation 4.9

Advanced Phantom Implementation 4.9

Advanced Phantom Implementation 4.9

Upcoming Classes

Online

Instructor-led online training

Location Jan 2021 Feb 2021 Mar 2021 Apr 2021 May 2021 Jun 2021 Jul 2021
APAC Singapore - Virtual Jan 20 – Jan 22
 Mar 17 – Mar 19
 Apr 21 – Apr 23
AMER Eastern Time - Virtual Feb 10 – Feb 12
Feb 24 – Feb 26
 Mar 24 – Mar 26
 Apr 7 – Apr 9
EMEA UK Time - Virtual Feb 24 – Feb 26
 Apr 28 – Apr 30
AMER Pacific Time - Virtual Mar 10 – Mar 12
 Apr 21 – Apr 23

Summary

This 13.5 hour course is intended for experienced Phantom consultants who will be responsible for complex Phantom solution development, and will prepare the attendee to integrate Phantom with Splunk as well as develop playbooks requiring custom coding and REST API usage.
Potential attendees have received a passing grade in all prerequisite courses, and should ensure they can devote all of their attention to the class, as the course work is very challenging. Students will develop a custom solution with Phantom, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development. This will require thoughtful focus, experimentation and problem-solving skills.

Description

  • Using external search in Phantom
  • Sending events from Splunk to Phantom
  • Updating Splunk events from Phantom
  • Running Phantom reports on Splunk
  • Executing Phantom playbooks from Splunk
  • Searching Splunk from Phantom playbooks
  • Writing custom code in Phantom playbooks
  • Using the Phantom REST API in Phantom playbooks

Duration

3 Days

Objectives

Module 1 – Implementing Splunk and Phantom
  • Review of Phantom UI and concepts
  • Describe interactions between Splunk and Phantom
  • Identify key concepts and data flows
  • Pre-requisites for integration

Module 2 – Configuring External Splunk Search
  • Describe the benefits of externalizing search to Splunk
  • Configure the Phantom instance for externalization
  • Configure the Splunk instance for externalization
  • Use the Splunk app for Phantom Reporting

Module 3 – Sending Splunk Events to Phantom
  • Configure the Phantom Add-on for Splunk
  • Map CIM fields to CEF
  • Send Enterprise Security notables to Phantom
  • Automatically trigger Phantom playbooks for Splunk notables

Module 4 – Accessing Splunk from Phantom
  • Install and configure the Phantom App for Splunk
  • Ingest Splunk events into Phantom
  • Use Splunk search from playbooks
  • Update Splunk notable events

Module 5 – Custom Coding in Playbooks
  • Phantom coding best practices
  • Writing, using and managing custom functions
  • Using the Phantom API in custom code
  • Store and retrieve persistent data

Module 6 – Using Phantom REST
  • Use Django queries to search for data in Phantom
  • Use REST from other systems to access Phantom data
  • Use the HTTP app to execute REST from playbooks

Prerequisites

Attendees for this class must ensure that they meet all course pre-requisites. This is a challenging, advanced class that draws on technical knowledge from many areas in Splunk and Phantom, and the demanding labs and course schedule leave little time to learn the basics.

Classes:

  • Experience with Python programming
  • Adminstering Splunk Phantom
  • Developing Splunk Phantom Playbooks
  • Enterprise Splunk Data Administration
  • Enterprise Splunk System Administration
  • Either Using or Administering Splunk Enterprise Security

 

Onsite Training

For groups of three or more

Request Quote

Public Training

APAC Singapore - Virtual

AMER Eastern Time - Virtual

EMEA UK Time - Virtual

AMER Pacific Time - Virtual


Don't see a date that works for you?

Request Class

© 2005- Splunk Inc. All rights reserved.
Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © Splunk Inc. All rights reserved.