Splunk Phantom

Coordinated, Automated, and Efficient Incident Response.

Splunk Phantom combines security infrastructure orchestration, playbook automation and case management capabilities to streamline your team, processes and tools.

Phantom’s flexible app model supports hundreds of tools and thousands of unique APIs. Codify your workflows into automated playbooks using our visual editor (no coding required) or the integrated Python development environment.

Developer: Splunk

Contact: Splunk

Documentation: View

Release Date: January 2022

Version: 2.21

Talk to a Specialist

GET STARTED

Solution Overview

1. As inbound emails are received by Mimecast on behalf of the organization, they are subject to analysis by the Mimecast inspection funnel, where a series of email hygiene and advanced security scanning techniques are applied, to ensure that emails are safe before they are delivered to the recipient.

2. Email related data from Mimecast ingested into the Splunk Phantom platform to help with analyst investigations.

3. Coordinate response actions across security tools based on Mimecast data.

4. Adjust Mimecast policies, search and destroy malicious emails, or prevent future threats.

Complex Email Threat Investigation

Develop playbooks to quickly pull together contextual data around an email threat discovered in Mimecast and coordinate next step actions to remediate or flag for further investigation

Automated Email Threat Enrichment

Orchestrate and automate a variety of critical but repeatable Mimecast commands during an incident response to improve response times.

Complex Email Threat Investigation

Analysts gain greater visibility and new actionable information about the attack through integrated Mimecast commands, with documentation per step and artifact reporting.