Phantom is a security automation and orchestration platform that integrates with your existing security technologies in order to provide a layer of “connective tissue” between them.
Phantom streamlines security operations through the execution of digital “Playbooks” to achieve in seconds what may normally take minutes or hours to accomplish with the dozens of point products that you use every day.
Phantom doesn’t replace existing security products, but instead makes your investment in them smarter, faster and stronger.
Phantom accomplishes this through a logical architecture that abstracts product capabilities, through the Phantom App model, into simple Actions that can be automated from within Playbooks. This allows Phantom to act as an "operating system" for your security products.
Augment your security operations team with a consolidated platform
Supercharge, integrate and coordinate your existing security investments
Achieve in seconds what may normally take minutes or hours through digital “Playbooks”
Choose the level of automation that suits you, from supervised to fully unsupervised
Improve continuity and oversight, and drive predictable security response outcomes
You can use Phantom to automate on arbitrary security data such as incidents, threat indicators, vulnerabilities, emails, and more.
Phantom consumes and operates on JSON internally, which makes it extremely flexible and gives you full access to the contents of your security data for automated decision‑making.
You can either push your data to Phantom, or pull it from a number of externally supported SIEM or analytics tools.
Playbooks are the codification of your security operations (SecOps) plan. In practice they’re high-level Python scripts that Phantom interprets in order to execute your mission WHEN you see something that you want to take action on. Playbooks hook into the Phantom platform and all of its capabilities in order to execute those actions, ensuring a repeatable and auditable process around your security operations.
Playbooks execute Actions on devices and assets that you’ve connected Phantom to. There are many different use cases that you can implement in a Playbook. Below are just some of the scenarios that can be executed via Phantom Playbooks.
Phantom orchestrates security operations on security and infrastructure assets that you connect it to. Examples of Assets include Firewalls, Endpoint Products, Reputation Services, Sandboxes, Directory Services, and SIEMs.
Assets can be configured to have owners, such as the administrators or groups of users managing the asset. For example, you may have a group that manages your firewalls, your endpoints or your virtual infrastructure. When an action has to be executed on an Asset, its owners are engaged and notified about the details of the action and the context surrounding it.
They’re informed about why an action is being performed or why a change is being requested, including the parameters of that change. Owners can then review, approve, change parameters, deny or delegate the action. Phantom also facilitates group ownership where one or more, any or all members of the group have to review and approve an action. Phantom allows primary and secondary owners to be defined and in the event that an approval times out, a series of escalations can take place.
Phantom Community Edition is a free, consumption-limited version of Phantom Enterprise.
Phantom is providing the Phantom Community Edition to qualified organizations as part of our Early Experience program. Community Edition allows you to learn about and become one of the first users of this entirely new approach to gaining control over your disparate security technologies!
|Feature|Description|
|---|---|
|Action Volume|Maximum Actions executed per day|
|Dashboards|Customizable dashboards|
|Mission Control|Mission Control dashboard|
|Community Apps|Open source community Apps|
|Certified Apps|Certified Apps provided by Phantom|
|Community Playbooks|Open source Playbooks|
|Certified Playbooks|Playbooks provided by Phantom|
|Executive Reporting|On demand and scheduled reporting|
|Community Support|Community message board support|
|Enterprise Support|Support provided by Phantom|