What is Splunk SOAR (Phantom)?

Splunk SOAR, formerly known as Phantom, is a platform designed to automate and orchestrate security operations and incident response workflows using integrated apps and playbooks.

What external tools can I integrate using this skill?

This skill provide patterns for integrating VirusTotal, CrowdStrike Falcon, ServiceNow, Active Directory, Palo Alto Networks, and MaxMind GeoIP.

How do I monitor the performance of my playbooks?

The skill includes patterns for querying the SOAR REST API to track execution statistics, success rates, and automation metrics like MTTR reduction.

Does this skill support human approval steps?

Yes, it includes implementation patterns for human-in-the-loop (approval gates) to ensure critical actions like host isolation or account disabling require manual authorization.

Is Python knowledge required for this skill?

Yes, Splunk SOAR playbooks are primarily written in Python. This skill provides structured code examples and best practices for writing efficient SOAR automation scripts.

Splunk SOAR & Phantom Automation

Name: Splunk SOAR & Phantom Automation
Author: micsapp

bymicsapp

0•

セキュリティとテスト

Automates security orchestration, alert triage, and incident response workflows using Splunk SOAR and Python-based playbooks.

This skill empowers SOC teams to streamline incident response by automating repetitive tasks like IOC enrichment, alert triage, and containment. By integrating with tools like VirusTotal, CrowdStrike, and ServiceNow, it reduces manual effort, ensures consistent response procedures across shifts, and significantly lowers Mean Time to Repair (MTTR). It provides standardized implementation patterns for building robust, multi-tool playbooks while incorporating essential human-in-the-loop approval gates for high-impact actions like host isolation and account disabling.

主な機能

01Automated Incident Containment Actions

02Multi-tool IOC Enrichment (VirusTotal, Whois, GeoIP)

03ServiceNow & SIEM Integration Patterns

040 GitHub stars

05Automated Phishing Triage Playbooks

06Performance Metrics & Monitoring Scripts

ユースケース

01Standardizing incident response procedures across global SOC teams

02Automating high-volume phishing alert triage and malicious URL blocking

03Enriching SIEM alerts with contextual threat intelligence before analyst review

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-soar-automation-with-phantom

For use in Claude.ai and ChatGPT

主な機能

01Automated Incident Containment Actions

02Multi-tool IOC Enrichment (VirusTotal, Whois, GeoIP)

03ServiceNow & SIEM Integration Patterns

040 GitHub stars

05Automated Phishing Triage Playbooks

06Performance Metrics & Monitoring Scripts

ユースケース

01Standardizing incident response procedures across global SOC teams

02Automating high-volume phishing alert triage and malicious URL blocking

03Enriching SIEM alerts with contextual threat intelligence before analyst review

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-soar-automation-with-phantom

For use in Claude.ai and ChatGPT