Tech Talks: Security Editions - Adaptable Incident Response with Splunk Phantom Modular Workbooks
Phantom Workbooks allow you to codify your security standard operating procedures into reusable templates. Phantom supports custom and industry-standard workbooks that allow you to divide tasks into phases, assign responsibilities to team members, and document your work. However, no single end-to-end workbook can be a “one size fits all” for every investigation of a particular security incident. For instance, one phishing workbook cannot be expected to capture every possible permutation of tasks for every phishing investigation. Some real-time task modification may be required to adapt to unforeseen circumstances in the case.
That’s why we created “modular workbooks” that allow you to effortlessly adapt your security operations workflow. Rather than trying to create all-encompassing end-to-end workbooks that strictly define every single task, modular workbooks allow you to create task modules and combine them in different ways to complete your investigation process. This not only enables more dynamic run-time assignment, but makes workbooks more adaptable and scalable across a variety of use cases.
Tune in to this Tech Talk to:
- Learn how Phantom can dynamically add tasks to your workbooks.
- Understand why workbooks might need to adapt during investigations.
- See modular workbook development in action and utilize these examples in your organization.
Speaker and Presenter Information
Splunk
Relevant Government Agencies
Intelligence Agencies, DOD & Military, Other Federal Agencies, Federal Government, State & Local Government
Event Type
Webcast
This event has no exhibitor/sponsor opportunities
When
Tue, Sep 15, 2020, 3:00pm - 4:00pm
ET
Cost
Complimentary: $ 0.00
Website
Click here to visit event website
Organizer
Splunk
