ITarian Help

Find the desired product help

SOCaaP

SOCaaP

Version 2.2

English

Print Help
SOCaaP SIEM > Administration > Phantom Settings
  • Introduction
    • Logging-in To The SOCaaP Console
  • Dashboard Overview
    • Summary
    • Alerts, Incidents And Website Vulnerabilities
    • Customer Health
  • SOCaaP Alerts/Escalations
    • Log-in To The Admin Console
    • The Home Screen
    • Service Summary
    • Incidents Overview
      • Incidents
      • Threat Summary
    • Log Collection Summary
    • Threat Communication Graph
    • Tickets
    • Reports
    • Notification Settings
    • Integrate Your Office 365 Account With SOCaaP
  • SOCaaP SIEM
    • Log-in To The Admin Console
    • The Main Interface
    • The Dashboard
    • Customer Asset Management
      • Add Customers
      • Add Assets For Monitoring
        • Hard Assets
        • Soft Assets
      • Configure Nxlog And Rsyslog To Send Logs To SOCaaP Server
      • Edit Customers
    • Query Management
      • Configure Event Queries
      • Long Term Analysis
      • Configure Custom Dashboards
      • Event Field Selection Settings
    • Manage Rules
      • Manage Correlation Rules
      • Manage Tagged Rules
      • Manage Aggregation Rules
    • Incidents
      • Manage Incidents
      • Incident Category Management
      • Category Action Management
    • Lists
      • Manage Live Lists
      • Manage Live List Content
      • Manage Range List Content
      • Manage IP Range List Content
      • Manage Multiple Column List Content
    • Manage Reports
    • Administration
      • Event Collection
      • Phantom Settings
      • Manage Users
    • Appendix 1 – Field Groups And Event Items Description
    • Appendix 2 – SOCaaP Supported Logs
  • SOCaaP Web Protection
    • Add Websites
    • The Main Interface
    • The Dashboard
    • Website Data And Settings
      • Website Overview
      • Security Scans
        • Website Scans
        • Website Files Security Scans
          • Malware Scan Settings
            • Automatic Configuration
            • Manual Configuration
          • Run A Scan And View Results
          • Notifications, Malware Removal And Scheduled Scans
        • Vulnerability Scans
          • CMS Vulnerability Scans
          • OWASP Top 10 Vulnerability Scans
      • Content Delivery Network
        • Activate CDN For A Website
        • CDN Settings
        • View CDN Metrics
      • Firewall
        • WAF Statistics
        • WAF Events
        • Configure WAF Policies
        • Manage Custom Firewall Rules
      • SSL Configuration
      • DNS Configuration
      • Add Trust Seal To Your Websites
      • Back Up Your Website
        • Backup Settings
        • On-Demand Backup
        • View Backup Records And File Statistics
        • Restore And Download Website Files
        • Delete Backups
    • Manage Your Profile
  • Sensor Installation
    • Requirements
    • (Option 1) Create Installation Media
    • (Option 2) Deploy Virtual Machine Environment
      • Create A New Virtual Machine
      • Configure Memory Size
      • Configure Hard Disk
      • View VM Summary
      • Configure Network Settings
      • Select VM Startup Disk
    • Sensor Installation Steps
    • Sensor Configuration Steps
      • Login To The Web Portal
      • User Settings
      • Configure Network
      • Configure Timezone
      • Key Activation
      • (Optional) Valkyrie Key Verdict
      • (Optional) Forward Log
  • Frequently Asked Questions
  • About ITarian Security Solutions

Phantom Settings


  • Phantom is a security operations platform that helps customers streamline workflows to improve efficiency and precision. The Phantom settings area lets you integrate SOCaaP with your Phantom account. SOCaaP can then pass SOCaaP incidents and event information to Phantom.

To open the 'Phantom Settings' interface

  • Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'



Phantom Settings - Table of Column Descriptions

Column Header

Description

Name

Name of the phantom account.

Authentication Token

 Unique key generated to authenticate your Phantom account to SOCaaP.

Server

Enter phantom server details.

Severity

Select the severity level of incidents that are being pushed to phantom account.

  • Low
  • Medium
  • High
  • Dynamic

Sensitivity

 Color coded indicator for the incident. You configure the sensitivity in the 'Incident Category Management' interface.

Tags

 Enter keywords which describe the Phantom account's purpose.

Expires in hours

 The length of time remaining on the current session.

To assign 'Phantom Action', to an incident:
  • Click the 'Hamburger' icon > Incidents > Category Action Management
  • Click 'Add'




The 'Add Category Action' dialog will open.

  • Select the incident status from the 'Status' drop-down
  • Select 'Phantom Action' from the 'Type' drop-down
  • Choose the phantom account you want your incident to be pushed to from the 'Phantom Rest Configs' drop-down



The phantom settings configured will populate based on the account you select. See Category Action Management for more details.


The 'Phantom Settings' screen will open. Please see below links to learn more:

  • Add phantom account
  • Edit phantom account
  • Delete phantom account


Add phantom account

  • Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'
  • Click 'Add' on the bottom right of the interface. The 'Add Phantom Config' interface will open




  • Enter the required fields and click 'Save'
  • The Phantom account will be added and you can view the details listed in the 'Phantom Settings' interface
  • If you want to add a phantom action for an incident, select 'Phantom action' in actions field. See Category Action Management for more details.
Edit phantom account
  • Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'
  • Select the phantom account that you want to edit and click the 'Edit' button on the bottom right of the interface. The 'Edit Phantom Config' interface will open



  • Modify the required fields and click 'Save'

The modified account will be saved.


Delete phantom account

  • Click the 'Hamburger' icon > 'Administration' > 'Phantom Settings'
  • Select the phantom account that you want to delete and click the 'Delete' button on the bottom right of the interface.

A confirmation dialog will open.



  • Click 'Yes' to remove the phantom account

Please note that the incident that are integrated with the account will also be removed.

Comodo Help
  • IT Platform:
  • Help
  • Scripts
  • Wiki
  • Forum
  • Developer
  • RMM
  • Patch Management
  • Service Desk
  • ITSM
  • Managed Service Provider
  • Managed Detection and Response
  • Ticketing System
  • Helpdesk
  • ITIL

Copyright 2025 Itarian