Use playbooks to automate analyst workflows in Splunk Phantom
Create a playbook in Splunk Phantom to automate security workflows so that analysts can spend more time performing analysis and investigation. The visual playbook editor (VPE) provides a visual platform for creating playbooks without having to write code.
To define a workflow that you want to automate, link together a series of actions that are provided by apps. An app is third-party software integrated with Splunk Phantom. For example, you can integrate MaxMind as a connector, which provides a geolocate ip action, or integrate Okta as a connector to provide actions such as set password or enable user. The actions available for use in your playbooks are determined by the apps integrated with Splunk Phantom.
After you create and save a playbook, you can run it when performing these tasks in Splunk Phantom:
- Triaging or investigating cases as an analyst
- Creating or adding a case to Investigation
- Configuring playbooks to run automatically, directly from the playbook editor
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7