Once signed into the Phantom Community site, the Splunk Phantom Community Edition virtual appliance is available for download from the “Products” section of the website. To start, create a Splunk Phantom account at if you don’t already have one. Virtualization software such as VMware Fusion®, VMware Fusion Pro®, VMware Workstation Player®, VMware Workstation Pro®, or Oracle® VirtualBox.Here are the underlying components used for this turnkey solution: Compare this to sending an alert email, described in our prior article on using the Splunk Adaptive Response Framework with DarkShield. Specifically, Phantom can automatically run DarkShield to plug those holes through playbooks that used Splunk to evaluate the data that DarkShield found. It is thus now possible to automate security responses to PII vulnerabilities in dark data uncovered in DarkShield PII searches. In v3, a command line interface (CLI) was added, allowing third-party applications to embed or run remediation (masking) jobs configured for DarkShield, including Phantom. IRI DarkShield is a powerful data masking package that can discover, delete, de-identify, and/or deliver PII hidden in a wide range of unstructured data sources. Phantom connects to Splunk Enterprise using the Phantom App for Splunk, so that actions can be taken on knowledge derived from data indexed in Splunk. Splunk Phantom is an orchestration, automation, and response technology for running “Playbooks” to respond to various conditions.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |