StreamAlert & Phantom – Part 1

I’m going to continue with the osquery & StreamAlert scenario found here. I went ahead and created a StreamAlert output handler for Phantom: link

Phantom Configuration

The Phantom configuration is pretty straightforward. A “REST Asset” needs to be created in order for events to be consumed.

1. Define the asset name, product vendor, and product […]