Splunk> Phantom is a community-powered security automation and orchestration solution. The Splunk> Phantom Platform integrates existing security technologies, such as Archer, forming a layer of connective tissue between separate products. Manual security-operations tasks codified into Phantom Playbooks become software workflows that run at machine speed to orchestrate complex interactions among Archer and other Phantom-connected security products.
The integration of Splunk> Phantom with Archer enables Splunk> Phantom to create, list, retrieve, and update Archer incidents (tickets). Phantom Playbooks can leverage Archer capabilities to improve the efficiency and precision of the security incident management process, including ticketing, investigation, response, and reporting. In doing so, the SOC can work smarter, respond faster, and focus attention on mission-critical decisions.
Splunk> Phantom integrates with Archer through the Archer App for Splunk> Phantom, which calls the Archer web services APIs (REST and SOAP). The Archer App comes pre-installed and runs entirely within Splunk> Phantom — no new code need be installed on the Archer Platform. Once you enable and configure the App, Archer ticketing actions are available within Splunk> Phantom.
The Splunk> Phantom integration with Archer enables organizations to:
Automate the gathering of system information from a variety of security and network tools
Pass security alerts to Archer for review and prioritization
Escalate high impact events to manage the incident response and the investigation process
To learn more about Splunk> Phantom, please visit their website or contact the Splunk> Phantom sales team at 1.866.438.7758. For technical support questions regarding Archer, please open a support case or contact Archer at firstname.lastname@example.org.