Who Should Attend: Splunk Administrators, Security Analysts, SOC Manager
Splunk Phantom apps provide a way to extend the Phantom platform by adding connectivity to third party security technologies in order to run actions. Given the broad set of technologies that can be orchestrated during cyber response, apps allow users and partners to add their own custom functionality within Phantom. Apps are written in Python, and in order to automate successfully, you must have at least one person that understands how apps work, how to troubleshoot an app, how to modify an app, and how to build a new app from scratch.
This talk will walk you through the open source Phantom Test Harness you can use to greatly simplify the Phantom App building/testing process.
Staff Security Strategist
Product Marketing Specialist, Splunk