Splunk Phantom

Overview

Splunk Phantom combines security infrastructure orchestration, playbook automation and case management capabilities to streamline your team, processes and tools.

Phantom’s flexible app model supports hundreds of tools and thousands of unique APIs. Codify your workflows into automated playbooks using our visual editor (no coding required) or the integrated Python development environment.

Use Phantom event and case management to rapidly triage events in an automated, semi-automated or manual fashion. Splunk Phantom integrates with an instance of Mimecast to perform generic, investigative, and containment actions.

16 Supported Actions:

• test connectivity - Validate the asset configuration for connectivity using supplied configuration
• blacklist url - Adds URL to a managed URL blacklist
• add member - Add a sender or domain to a Mimecast group
• remove member - Remove a sender or domain from a Mimecast group
• blacklist sender - Blacklists a specific sender and recipient in Mimecast
• whitelist sender - Whitelists a specific sender and recipient in Mimecast
• whitelist url - Adds URL to a managed URL whitelist
• unblacklist url - Removes url from a managed URL blacklist
• unwhitelist url - Removes url from a managed URL whitelist
• list urls - Lists all managed URLs from the black/white list
• list groups - Lists all Mimecast groups matching the requested search criteria
• list members - Lists the members of a specified Mimecast group
• find member - Finds a member of a specified Mimecast group
• run query - Get emails across the Mimecast platform
• get email - Returns message information for a tracked message
• decode url - Decodes URL that was rewritten by Mimecast for on-click protection

For more information visit https://www.splunk.com/en_us/software/splunk-security-orchestration-and-automation.html