Phantom Settings
- Phantom is a security operations platform that helps customers streamline workflows to improve efficiency and precision. The Phantom settings area lets you integrate SOCaaP with your Phantom account. SOCaaP can then pass SOCaaP incidents and event information to Phantom.
To open the 'Phantom Settings' interface
- Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'
Column Header |
Description |
---|---|
Name |
Name of the phantom account. |
Authentication Token |
Unique key generated to authenticate your Phantom account to SOCaaP. |
Server |
Enter phantom server details. |
Severity |
Select the severity level of incidents that are being pushed to phantom account.
|
Sensitivity |
Color coded indicator for the incident. You configure the sensitivity in the 'Incident Category Management' interface. |
Tags |
Enter keywords which describe the Phantom account's purpose. |
Expires in hours |
The length of time remaining on the current session. |
To assign 'Phantom Action', to an incident:
- Click the 'Hamburger' icon > Incidents > Category Action Management
- Click 'Add'
The 'Add Category Action' dialog will open.
- Select the incident status from the 'Status' drop-down
- Select 'Phantom Action' from the 'Type' drop-down
- Choose the phantom account you want your incident to be pushed to from the 'Phantom Rest Configs' drop-down
The phantom settings configured will populate based on the account you select. See Category Action Management for more details.
The 'Phantom Settings' screen will open. Please see below links to learn more:
- Add phantom account
- Edit phantom account
- Delete phantom account
- Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'
- Click 'Add' on the bottom right of the interface. The 'Add Phantom Config' interface will open
- Enter the required fields and click 'Save'
- The Phantom account will be added and you can view the details listed in the 'Phantom Settings' interface
- If you want to add a phantom action for an incident, select 'Phantom action' in actions field. See Category Action Management for more details.
- Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'
- Select the phantom account that you want to edit and click the 'Edit' button on the bottom right of the interface. The 'Edit Phantom Config' interface will open
- Modify the required fields and click 'Save'
The modified account will be saved.
- Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'
- Select the phantom account that you want to delete and click the 'Delete' button on the bottom right of the interface.
A confirmation dialog will open.
- Click 'Yes' to remove the phantom account
Please note that the incident that are integrated with the account will also be removed.