Containers are the top-level data structure that Splunk Phantom playbook APIs operate on. Every container is a structured JSON object that can nest further arbitrary JSON objects, which represent artifacts. A container is the top-level object against which automation is run.

Assign a label to a container to dictate the kind of content it contains. This label defines how the respective elements are managed within the platform and where they are organized. Assign the label during the ingest phase, in the ingest configuration, when you configure an asset as a data source. Following this model, you might label containers imported from a SIEM as "Incidents", containers imported from a vulnerability management product as "Vulnerabilities", or containers imported from an IP intelligence source as "Intelligence".

For each label that the system ingests, a new top-level menu item appears in the product navigation so that you can navigate to the list of containers carrying that label. In addition, playbooks, the mechanism by which automated actions are run on a container, are container-specific and run only on containers that match their label.

Data can be imported from various sources and can be structured or unstructured. This architecture allows arbitrary data to be imported and acted on across the security operations domain, beyond the management of security incidents alone.
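The following is an added example, not code from the page or from Splunk Phantom itself, that models the container/label/playbook relationship described above: a container is a JSON object nesting artifact objects, its label is fixed at ingest from the kind of source asset, the navigation menu is derived from the labels seen, and each playbook runs only on containers whose label it matches. The ingest source keys, the field names inside the container and artifact JSON, and the three playbook actions are assumptions made for this illustration and do not claim to match the product's REST schema; the sample records are constructed.

```python
import json
from dataclasses import dataclass
from typing import Callable, Dict, List

# Ingest-time mapping from the kind of asset feeding data in to the label its
# containers receive. The labels are the page's examples; the source keys are
# assumed names for this illustration.
INGEST_LABELS: Dict[str, str] = {
    "siem": "Incidents",
    "vuln_mgmt": "Vulnerabilities",
    "ip_intel": "Intelligence",
}


def build_container(source: str, name: str, artifact_cefs: List[dict]) -> dict:
    """Build a container JSON object for data arriving from `source`.

    The label is assigned here, at ingest, so everything downstream
    (navigation, playbooks) can rely on it. Artifacts are nested JSON objects
    carrying CEF-style key/value data; the exact field names are an assumption.
    """
    if source not in INGEST_LABELS:
        raise ValueError(f"no label configured for ingest source {source!r}")
    artifacts = [
        {"name": f"{name} artifact {i}", "cef": dict(cef)}
        for i, cef in enumerate(artifact_cefs, start=1)
    ]
    return {"name": name, "label": INGEST_LABELS[source], "source": source, "artifacts": artifacts}


@dataclass(frozen=True)
class Playbook:
    name: str
    label: str                        # the playbook runs only on containers with this label
    action: Callable[[dict], object]


def matching_playbooks(container: dict, playbooks: List[Playbook]) -> List[Playbook]:
    """Select the playbooks whose label matches the container's label."""
    return [pb for pb in playbooks if pb.label == container["label"]]


def run_playbooks(container: dict, playbooks: List[Playbook]) -> Dict[str, object]:
    """Run each label-matching playbook on the container; results keyed by playbook name."""
    return {pb.name: pb.action(container) for pb in matching_playbooks(container, playbooks)}


def nav_menu(containers: List[dict]) -> Dict[str, List[str]]:
    """One top-level menu entry per label seen, listing that label's containers."""
    menu: Dict[str, List[str]] = {}
    for c in containers:
        menu.setdefault(c["label"], []).append(c["name"])
    return menu


# Three small playbook actions, constructed for the example (triage/enrichment only).
def triage_sources(container: dict) -> List[str]:
    """Distinct source addresses across an incident's artifacts, for analyst review."""
    return sorted({a["cef"]["sourceAddress"] for a in container["artifacts"] if "sourceAddress" in a["cef"]})


def count_high_severity(container: dict, threshold: float = 7.0) -> int:
    """How many vulnerability artifacts meet the remediation-priority CVSS threshold."""
    return sum(1 for a in container["artifacts"] if float(a["cef"].get("cvssScore", 0)) >= threshold)


def collect_indicators(container: dict) -> List[str]:
    """Pull the indicator addresses out of an intelligence container's artifacts."""
    return [a["cef"]["destinationAddress"] for a in container["artifacts"] if "destinationAddress" in a["cef"]]


PLAYBOOKS = [
    Playbook("incident_triage", "Incidents", triage_sources),
    Playbook("vuln_prioritize", "Vulnerabilities", count_high_severity),
    Playbook("intel_collect", "Intelligence", collect_indicators),
]


def demo() -> dict:
    """Ingest constructed records from three source types, then build the menu and run playbooks."""
    containers = [
        build_container("siem", "Brute-force alert", [
            {"sourceAddress": "203.0.113.5", "destinationPort": 22},
            {"sourceAddress": "198.51.100.7", "destinationPort": 22},
            {"sourceAddress": "203.0.113.5", "destinationPort": 3389},
        ]),
        build_container("vuln_mgmt", "Weekly scan", [
            {"cvssScore": 9.8, "finding": "outdated TLS library"},
            {"cvssScore": 4.3, "finding": "verbose server banner"},
        ]),
        build_container("ip_intel", "Feed update", [
            {"destinationAddress": "192.0.2.44", "confidence": 80},
        ]),
    ]
    # Containers are plain JSON: a serialise/reload round trip loses nothing.
    containers = [json.loads(json.dumps(c)) for c in containers]
    return {
        "menu": nav_menu(containers),
        "results": {c["name"]: run_playbooks(c, PLAYBOOKS) for c in containers},
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the point the text makes: the vulnerability container never triggers the incident playbook and vice versa, because dispatch keys purely on the label assigned at ingest, and the menu gains exactly one entry per label that has been ingested.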