Advanced Phantom Implementation 4.9

Upcoming Classes

Online

Instructor-led online training

Location	Oct 2020	Nov 2020	Dec 2020	Jan 2021
AMER Eastern Time - Virtual	Oct 28 – Oct 30	Nov 18 – Nov 20		Jan 20 – Jan 22
AMER Pacific Time - Virtual		Nov 4 – Nov 6	Dec 2 – Dec 4 Dec 16 – Dec 18	Jan 6 – Jan 8
APAC Singapore - Virtual		Nov 11 – Nov 13		Jan 20 – Jan 22
EMEA UK Time - Virtual			Dec 16 – Dec 18

Summary

This 13.5 hour course is intended for experienced Phantom consultants who will be responsible for complex Phantom solution development, and will prepare the attendee to integrate Phantom with Splunk as well as develop playbooks requiring custom coding and REST API usage.
Potential attendees have received a passing grade in all prerequisite courses, and should ensure they can devote all of their attention to the class, as the course work is very challenging. Students will develop a custom solution with Phantom, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development. This will require thoughtful focus, experimentation and problem-solving skills.

Description

Using external search in Phantom
Sending events from Splunk to Phantom
Updating Splunk events from Phantom
Running Phantom reports on Splunk
Executing Phantom playbooks from Splunk
Searching Splunk from Phantom playbooks
Writing custom code in Phantom playbooks
Using the Phantom REST API in Phantom playbooks

Duration

3 Days

Objectives

Module 1 – Implementing Splunk and Phantom

Review of Phantom UI and concepts
Describe interactions between Splunk and Phantom
Identify key concepts and data flows
Pre-requisites for integration

Module 2 – Configuring External Splunk Search

Describe the benefits of externalizing search to Splunk
Configure the Phantom instance for externalization
Configure the Splunk instance for externalization
Use the Splunk app for Phantom Reporting

Module 3 – Sending Splunk Events to Phantom

Configure the Phantom Add-on for Splunk
Map CIM fields to CEF
Send Enterprise Security notables to Phantom
Automatically trigger Phantom playbooks for Splunk notables

Module 4 – Accessing Splunk from Phantom

Install and configure the Phantom App for Splunk
Ingest Splunk events into Phantom
Use Splunk search from playbooks
Update Splunk notable events

Module 5 – Custom Coding in Playbooks

Phantom coding best practices
Writing, using and managing custom functions
Using the Phantom API in custom code
Store and retrieve persistent data

Module 6 – Using Phantom REST

Use Django queries to search for data in Phantom
Use REST from other systems to access Phantom data
Use the HTTP app to execute REST from playbooks

Prerequisites

Attendees for this class must ensure that they meet all course pre-requisites. This is a challenging, advanced class that draws on technical knowledge from many areas in Splunk and Phantom, and the demanding labs and course schedule leave little time to learn the basics.

Classes:

Experience with Python programming
Adminstering Splunk Phantom
Developing Splunk Phantom Playbooks
Enterprise Splunk Data Administration
Enterprise Splunk System Administration
Either Using or Administering Splunk Enterprise Security

Public Training

AMER Eastern Time - Virtual

Oct 28 – Oct 30

9:00 AM - 1:30 PM EDT

$ 1500.00 USD
Nov 18 – Nov 20

9:00 AM - 1:30 PM EST

$ 1500.00 USD
Jan 20 – Jan 22

9:00 AM - 1:30 PM EST

$ 1500.00 USD

AMER Pacific Time - Virtual

Nov 4 – Nov 6

9:00 AM - 1:30 PM PST

$ 1500.00 USD
Dec 2 – Dec 4

9:00 AM - 1:30 PM PST

$ 1500.00 USD
Dec 16 – Dec 18

9:00 AM - 1:30 PM PST

$ 1500.00 USD
Jan 6 – Jan 8

9:00 AM - 1:30 PM PST

$ 1500.00 USD

APAC Singapore - Virtual

Nov 11 – Nov 13

9:00 AM - 1:30 PM SGT

$ 1500.00 USD
Jan 20 – Jan 22

9:00 AM - 1:30 PM SGT

$ 1500.00 USD

EMEA UK Time - Virtual

Dec 16 – Dec 18

9:00 AM - 1:30 PM GMT

$ 1500.00 USD

Don't see a date that works for you?

Request Class

Advanced Phantom Implementation 4.9

Advanced Phantom Implementation 4.9