API 2.0 Overview API 1.0 to 2.0 Migration Guide What's New
Action Usecase Alerting Usecase Analysis and Response API's Building Search Queries Configuration Backup Restore and Export APIs Enrichment Usecase Groups Usecase Mimecast API In Power BI Secure Email Gateway SIEM Tutorial CG SIEM Tutorial CI SIEM Batch CG Guidelines SIEM Batch CI Guidelines
API 2.0 Reference API 1.0 Reference
Alliance Partners
Become a Partner

Splunk Phantom

Developed by Splunk

Coordinated, Automated, and Efficient Incident Response.

Splunk Phantom combines security infrastructure orchestration, playbook automation and case management capabilities to streamline your team, processes and tools.

Phantom’s flexible app model supports hundreds of tools and thousands of unique APIs. Codify your workflows into automated playbooks using our visual editor (no coding required) or the integrated Python development environment.

Splunk Phantom Logo
Developer: Splunk
Contact: Splunk
Documentation: View
Release Date: January 2022
Version: 2.21
Talk to a Specialist
GET STARTED

Solution Overview

1. As inbound emails are received by Mimecast on behalf of the organization, they are subject to analysis by the Mimecast inspection funnel, where a series of email hygiene and advanced security scanning techniques are applied, to ensure that emails are safe before they are delivered to the recipient.

2. Email related data from Mimecast ingested into the Splunk Phantom platform to help with analyst investigations.

3. Coordinate response actions across security tools based on Mimecast data.

4. Adjust Mimecast policies, search and destroy malicious emails, or prevent future threats.

 

  • Splunk Phantom
  • Splunk Phantom
  • Splunk Phantom
  • Splunk Phantom

Mimecast and Splunk Use Cases:

Coordinated response aiding in:

Complex Email Threat Investigation

Develop playbooks to quickly pull together contextual data around an email threat discovered in Mimecast and coordinate next step actions to remediate or flag for further investigation

Automated Email Threat Enrichment

Orchestrate and automate a variety of critical but repeatable Mimecast commands during an incident response to improve response times.

Complex Email Threat Investigation

Analysts gain greater visibility and new actionable information about the attack through integrated Mimecast commands, with documentation per step and artifact reporting.

Threat Intelligence

Unifying aggregation, scoring, and sharing of threat intelligence with playbook-driven automation across the security estate

                                              Key Benefits

01.

Automate email security processes, shorten decision making cycle, and drive resource efficiency through automation.

02.

Enrich intelligence from Mimecast and other security tools for coordinated response.

03.

Achieve full orchestration capabilities using proactive playbooks and workflows. 

Splunk

Explore Integration
Back to Top