Who should attend
Experienced Phantom consultants.
Prerequisites
Attendees for this class must ensure that they meet all course prerequisites. This is a challenging, advanced class that draws on technical knowledge from many areas in Splunk and Phantom, and the demanding labs and course schedule leave little time to learn the basics.
- Experience with Python programming
- Administering Splunk Phantom
- Developing Splunk Phantom Playbooks
- Splunk Enterprise Data Administration
- Splunk Enterprise System Administration
- Either Using or Administering Splunk Enterprise Security
Course Objectives
This three virtual-day course is intended for experienced Phantom consultants who will be responsible for complex Phantom solution development. It prepares attendees to integrate Phantom with Splunk and to develop playbooks that require custom coding and REST API usage.
Potential attendees should carefully consider the prerequisites and ensure they can devote all of their attention to the class, as the coursework is very challenging. Students will develop a custom solution with Phantom, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development. This will require thoughtful focus, experimentation and problem-solving skills.
Course Content
- Using external Splunk search in Phantom
- Sending events from Splunk to Phantom
- Updating Splunk events from Phantom
- Running Phantom reports on Splunk
- Executing Phantom playbooks from Splunk
- Searching Splunk from Phantom playbooks
- Writing custom code in Phantom Playbooks
- Using the Phantom REST API in Phantom Playbooks