WHAT IS PHANTOM?
Phantom helps you automate repetitive security tasks and investigations, streamline your processes, and integrate your current security infrastructure.
Phantom can remotely launch collections.
WHOM IS IT BUILT FOR?
Internal IR Teams
WHY IS IT USEFUL?
The Phantom/Cyber Triage integration makes your response team more efficient by automatically starting an analysis of a remote system so that the data is waiting for you when you have time to start working on the alert.
WHERE IS IT USED?
Phantom can start a Cyber Triage endpoint investigation as part of a workflow. Automating your security process allows you to respond faster to incidents and therefore more quickly contain the damage. Phantom can help you execute actions in a fraction of your typical time.
WHAT ARE THE USAGE DETAILS?
This plug-in allows you to perform a collection as part of your playbook.
The primary action of this plug-in is scan endpoint, which sends the Cyber Triage collection tool to the specified endpoint.
To use this action, you must specify:
-Username with admin privileges
-Password of the admin user
To set up the action, you will need to specify:
-Hostname of the Cyber Triage server / REST API
-Server key (that you can get from the Cyber Triage Server options panel)
The test connectivity action allows you to test that Phantom can communicate with the Cyber Triage server.
If you configured Cyber Triage to use your own SSL certificate, then change the verify_server_cert property to true and import your certificate into the Phantom Certificate Store (https://my.phantom.us/kb/16/).
WHAT IS THE REQUIRED CYBER TRIAGE VERSION?
*For more information about this integration, contact our sales team: Sales@cybertriage.com.