The Phantom App for ThreatQ enables customers to use the ThreatQ Threat LibraryTM as a customized enrichment source throughout the full incident response workflow and empowers analysts to make decisions based on highly detailed information and context.

Phantom automates and orchestrates a wide array of enterprise security operations workflows. It allows teams to sustain increased attack volume, overcome shortages in qualified personnel, and efficiently navigate an increasingly complex IT environment. Phantom enables security operations teams to force multiply their efforts using automation and orchestration to effectively defend their company’s business.

INTEGRATION HIGHLIGHTS

Allows Phantom to pull in enrichment from the ThreatQ Threat Library into Playbooks and create new indicators, events, adversaries and files.

Enriches data from the ThreatQ Threat Library, enabling contextual decision-making based on the results.

Automates incident response workflow: preparation; detection and analysis; containment, eradication and recovery; post-incident activity