Rich Wire Data Insights Meet Simple, Powerful Automation
ExtraHop offers unprecedented visibility into your network with automatic discovery and classification of every asset, and 100Gbps analytics on every transaction, including encrypted communications. With Phantom, you can use this data to integrate with other tools and automate investigation and response actions for faster, more effective security operations.
Automate Investigations. Orchestrate Responses. Stop Threats Faster.
Phantom enables simple automation and orchestration of complex processes through playbooks. With playbooks, Phantom users can take data from hundreds of products and use a simple drag-and-drop interface to send data between platforms and automate investigation and response actions. Below are the pre-constructed playbooks available in the ExtraHop for Phantom app. You can also build your own!
Scan New DNS Servers for Vulnerabilities
Block External Access to Internal Databases
Investigate Data Exfiltration Anomalies
How It Works
ExtraHop Reveal(x) analyzes wire data to discover and classify every asset communicating in your environment, and uses machine learning to develop a running baseline for what normal behavior looks like. Reveal(x) provides rich data about every asset, and can do even deeper analysis on assets defined as critical: things like databases, file servers, and anywhere sensitive data is stored or communicated. Reveal(x) sees who's acting on your critical assets, and what they're doing, right down to the DB queries or file manipulation commands they're executing. When something abnormal happens that indicates a security threat, an anomaly is recorded and mapped to a step of the attack chain.
With Phantom, this data can be used to accelerate your current investigation processes, automate away slow, tedious steps, and automate rapid responses so that attacks can be stopped in action, or investigated soon enough to prevent further damage.