Mission Guidance

Mission Guidance is an intelligent assistant that’s fully integrated into Mission Control. It supports security operations analysts by offering suggestions to help investigate, contain, eradicate, and recover from a security event. It works by mapping security event data to your currently configured SOC tools and playbooks. Mission Guidance recommendations help educate newer analysts on steps to take and validate the choices of more experienced analysts.

Mission Guidance
Activity Feed

ACTIVITY FEED

The Activity Feed in the Mission Control interface displays all current and historical action and playbook activity that has acted on the currently displayed event. This allows you to quickly see the success, ongoing execution, and results of all automation operations for the event. The Activity Feed also provides team collaboration capabilities that are integrated inline with automation details and other data, forming a record of all relevant event information.

APP WIDGETS

The Phantom Platform provides app authors with the ability to render the results of an action as a widget, or custom view, within Mission Control. It is designed to make applicable result data, like images, easier to consume at a glance. Security Analysts can configure the layout of these widgets, creating a view that provides them with maximum value.

App Widgets
Heads Up Display

HEADS UP DISPLAY

The Heads-up Display (HUD) area within the Mission Control interface allows you manually or automatically pin data to its canvas for later viewing. The HUD area has many possible uses; one common one is where a playbook or analyst will “pin” the most important pieces of information relating to an event to the HUD, improving collaboration across multiple analysts and saving valuable time when trying to find or recall the data.

ACTIVITY TIMELINE

The activity timeline in Mission Control provides a visually-oriented account of all activity that took place on an event or case. It is a horizontal timeline that allows you to traverse forward or backward, zooming out to get views of activity across long-lived events or cases, as well as zooming in to see rapidly sequential activity.

Activity Timeline

Learn More About the Phantom Platform

Case Management