Phantom is a community-powered security automation and orchestration solution. The Phantom Platform integrates existing security technologies, such as RSA Archer GRC, forming a layer of connective tissue between separate products. Manual security-operations tasks codified into Phantom Playbooks become software workflows that run at machine-speed to orchestrate complex interactions among Archer and other Phantom-connected security products.
The integration of Phantom with RSA Archer enables Phantom to create, list, retrieve, and update RSA Archer incidents (tickets). Phantom Playbooks can leverage RSA Archer capabilities to improve efficiency and precision of the security incident management process including ticketing, investigation, response, and reporting, so the SOC can work smarter, respond faster, and focus attention onto mission-critical decisions.
Phantom integrates using the RSA Archer App for Phantom to call RSA Archer’s web services (REST & SOAP) APIs. The RSA Archer App comes pre-installed and runs entirely within Phantom—no new code need be installed on the RSA Archer Platform. Once you enable and configure the App, RSA Archer GRC incident / ticketing actions are available within Phantom.
Phantom integration with RSA Archer enables organizations to:
- Automate the gathering of system information from a variety of security and network tools
- Pass security alerts to RSA Archer for review and prioritization
- Escalate high impact events to manage the incident response and the investigation process
Solution and Platform Information
- Solution Area: RSA Archer IT & Security Risk Management
- Impacted Use Cases: RSA Archer Security Incident Management
- Supported Platform Version: This offering has been validated on RSA Archer Platform release 5.5.
For More Information
To learn more about the Phantom RSA Ready certified integration, review the Implementation Guide.