![]() ![]() Each asset represents a physical or virtual device within your organization such as a server, endpoint, router, or firewall. ![]() See Add and configure apps and assets to provide actions in Splunk Phantom in the Administer Splunk Phantom manual.Ī specific instance of an app. The Palo Alto Networks (PAN) Firewall app provides several actions, such as blocking and unblocking access to IP addresses, applications, and URLs.The PhishTank app provides an action to find the reputation of a URL.The MaxMind app provides an action to find the geographical location of an IP address.The diagram shows three apps in a Splunk Phantom environment: Some apps also provide a visual component such as widgets that can be used to render data produced by the app. The connections allow Splunk Phantom to access and run actions that are provided by the third-party technologies. See the table immediately following the diagram for more information about each Splunk Phantom component in the diagram.Īdds connectivity to third-party security technologies. This diagram shows the end-to-end flow of security automation in Splunk Phantom. The Splunk Phantom platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats. Splunk Phantom is a Security Orchestration, Automation, and Response (SOAR) system. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |