Integration Spotlight: Splunk Phantom

Contextualized Threat Intelligence for Faster Investigation and Response

Product Overview

Splunk Phantom allows incident response teams to work smarter, respond faster, and strengthen their defenses through playbooks for automation and orchestration. By harnessing Recorded Future’s rich intelligence in Splunk Phantom, teams can improve efficiency, resolve threats faster, and make more confident decisions.

Supercharge your SOAR with the industry’s only threat-centric risk intelligence solution powered by patented machine learning and artificial intelligence. Recorded Future delivers context in real time, so intelligence stays relevant and integrates seamlessly with Splunk Phantom — enabling faster, more confident security decisions.

Challenges Overcome Through Integration

Orchestration and automation drive digital transformation by enabling organizations to optimize existing processes, reduce costs, fill personnel gaps, and gain a competitive edge. For SOAR solutions to work effectively, however, they require a series of defined playbooks designed to describe threats and how to handle them using repeatable, automated security workflows. These playbooks are only as smart and effective as the data used to construct them, though. Without actionable, real-time data on active and emerging threats, security teams face problems like an overload of information, a lack of context, and more.

Integration Description

Recorded Future’s unique combination of automated data collection and human analysis generates high-quality intelligence that can be seamlessly integrated into Splunk Phantom in the form of real-time Risk Scores for each IP address, domain, URL, hash, and vulnerability. These are created based on risk rules determined from the widest breadth of sources, and delivered directly within Splunk Phantom. This adds valuable context to internal network observables and enables automated processes to rank indicators of compromise (IOCs) by threat severity.

Recorded Future’s Splunk Phantom integration helps incident response teams to quickly identify high-risk security events, rule out false positives, and address low-level events through automation. For example, teams can automate the retrieval of external data for details and context on IOCs from Recorded Future in a playbook. With this intelligence from the broadest set of sources, you can trust that Splunk Phantom can automatically make real-time decisions that strengthen your organization’s security.

Splunk Phantom

The Recorded Future integration for Splunk Phantom is available through the Phantom App store and requires API access to Recorded Future.
