Course structure
Module 1 – Introduction & Concepts
- Describe Phantom operating concepts
- Identify documentation and community resources
- Identify installation options
- Perform initial configuration
- Configure multi-tenancy to enable use of Phantom by multiple teams
Module 2 – Installation
- Deployment planning
- Pre-installation steps
- Identify installation options
- Upgrading Phantom
Module 3 – Initial Configuration
- Product settings
- Access control
- Authentication settings
- Response settings
Module 4 – Apps and Assets
- Describe how apps and assets work in Phantom
- Add and configure new apps
- Configure assets
Module 5 – Data Ingestion
- Assets as data sources
- Configuring data polling
- Labels and tags
- Data ingestion management
- Event settings
Module 6 – Containers and Events
- Work with the analyst queue
- Filtering and sorting
- Using search
- Container export and import
- Aggregation settings
Module 7 – Mission Control
- Use Mission Control to work on events
- Use indicators to find matching artifacts in multiple events
- Manually run actions and examine action results
- Manually run playbooks
- Use the vault to store related files
- Using the heads-up display
- Using notes
Module 8 – Case Management and Workflows
- Use case management for complex investigations
- Use case workflows
- Define new workflows
- Customize case management
Module 9 – Multi-tenancy and Clustering
- Define clustering best practices
- Configure multi-server Phantom clusters
- Configure multi-tenancy
Module 10 – Maintenance and Reporting
- Run reports
- Use Phantom audit tools
- Monitor system health