Use playbooks to automate analyst workflows in Splunk Phantom
Create a playbook in Splunk Phantom to automate security workflows so that analysts can spend more time performing analysis and investigation. The visual playbook editor (VPE) provides a visual platform for creating playbooks without having to write code.
To define a workflow that you want to automate, link together a series of actions that are provided by apps. An app is third-party software integrated with Splunk Phantom. For example, you can integrate MaxMind as a connector, which provides a geolocate ip action, or integrate Okta as a connector to provide actions such as set password or enable user. The actions available for use in your playbooks are determined by the apps integrated with Splunk Phantom.
After you create and save a playbook in Splunk Phantom, you can run it when performing any of these tasks:
- Triaging or investigating cases as an analyst
- Creating or adding a case to Investigation
- Configuring playbooks to run automatically directly from the playbook editor
This documentation applies to the following versions of Splunk® Phantom: 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7