Detailed Course Outline
Module 1 – Introduction & Concepts
- Describe Phantom operating concepts
- Identify documentation and community resources
- Identify installation options
- Perform initial configuration
- Configure multi-tenancy to enable use of Phantom by multiple teams
Module 2 – Installation
- Deployment planning
- Pre-installation steps
- Identify installation options
- Upgrading Phantom
Module 3 – Initial Configuration
- Product settings
- Access control
- Authentication settings
- Response settings
Module 4 – Apps and Assets
- Describe how apps and assets work in Phantom
- Add and configure new apps
- Configure assets
- Assets as data sources
- Configuring data polling
- Labels and tags
- Data ingestion management
- Event settings
- Work with the analyst queue
- Filtering and sorting
- Using search
- Container export and import
- Aggregation settings
- Use Mission Control to work on events
- Use indicators to find matching artifacts in multiple events
- Using the heads-up display
- Using notes
- Manually run actions and examine action results
- Manually run playbooks
- Use the vault to store related files
- Use case management for complex investigations
- Use case workflows
- Define new workbooks
- Customize case management
- Run reports
- Use Phantom audit tools
- Monitor system health
- Create custom severity levels
- Create custom status levels
- Add custom fields and CEF settings
- Create custom workbooks
- Define clustering best practices
- Configure multi-server Phantom clusters
- Configure multi-tenancy