Splunk Phantom SOAR

Accelerating malware analysis, threat hunting, and investigations to ensure attacks are quickly identified and contained to minimize the risk of organizational compromise.

About The Partner:

Founded in 2003, Splunk is a global company that offers an open, extensible data platform supporting shared data across any environment, so that every team in an organization gets end-to-end visibility, with context, into each interaction and business process.

The Splunk SIEM and Phantom SOAR platforms offer real-time visibility and intelligent, AI-powered responses, delivering more capability with less complexity. Splunk removes the barriers between data and action, providing the observability IT and security teams need to keep their organizations secure, resilient, and innovative.

The Joint Solution:

VMRay is a best-in-class, automated malware triage and phishing analysis platform that helps enterprise and MSSP SOCs identify potential malware and phishing threats. Integrated with Splunk Phantom SOAR, it accelerates malware analysis, threat hunting, and investigations, so that attacks are quickly identified and contained and the risk of organizational compromise is minimized.

SIEM/SOAR Alert Validation:

VMRay’s integration with Splunk Phantom SOAR automates Tier 1 and Tier 2 malware alert triage in high-volume alert environments, enabling confident, automated responses that mitigate threats faster. Validating alerts against VMRay’s FinalVerdict dramatically reduces EDR malware false positives and eases analyst alert fatigue in the SOC. By reducing the reliance on highly skilled SOC analysts for mundane, repetitive tasks, organizations can reassign them to more strategic business goals.

Faster Incident Response:

Augmenting Splunk Phantom SOAR with VMRay FinalVerdict gives SOC teams the ability to automatically identify and mitigate both known malware and previously unknown zero-day threats. VMRay’s ability to extract and categorize IOCs helps detection engineering teams rapidly create mitigating signatures or policy rules to block future attacks. Combined, Splunk and VMRay reduce the SOC’s overall Mean Time To Detect (MTTD) and Mean Time To Resolution (MTTR), greatly improving the economics of the service and decreasing the costs associated with malware outbreaks and incident response.
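The two sections above describe a verdict-driven triage flow: an EDR alert arrives in the SOAR, the sample is checked against a sandbox verdict, the playbook contains, closes or escalates, and any extracted IOCs are handed to detection engineering. The following is an added example sketching that flow as a Splunk SOAR-style Python playbook; it is not VMRay or Splunk code. The alert, the report shape (SAMPLE_REPORT, its "verdict" values and "iocs" entries) and the action names are constructed for illustration and do not reflect the real VMRay or Splunk SOAR API field names.

```python
"""Illustrative SOAR-style alert-validation playbook (added example, not VMRay or
Splunk code). The report layout below is an assumption made for this example;
field names in the real VMRay and Splunk SOAR APIs may differ.
"""
import re
from typing import Dict, List, Optional

# Playbook actions assumed for this example (constructed vocabulary).
CONTAIN, ESCALATE, CLOSE = "contain", "escalate", "close"

# Constructed EDR alert, shaped like the artifact a SOAR container might carry.
SAMPLE_ALERT = {
    "id": "edr-10423",
    "host": "ws-0457",
    "sha256": "9f2c" + "0" * 60,   # hash of the file the EDR flagged
    "edr_severity": "high",
}

# Constructed sandbox report for the same hash (not a real API response).
SAMPLE_REPORT = {
    "sha256": SAMPLE_ALERT["sha256"],
    "verdict": "malicious",
    "iocs": [
        {"type": "domain", "value": "Update.Example-CDN[.]com"},
        {"type": "domain", "value": "update.example-cdn.com"},   # duplicate once normalized
        {"type": "url", "value": "hxxp://update.example-cdn[.]com/dl.bin"},
        {"type": "ipv4", "value": "203.0.113.25"},
        {"type": "sha256", "value": "A1B2" + "f" * 60},
        {"type": "ipv4", "value": "999.1.1.1"},                     # malformed, must be dropped
    ],
}

_DEFANG = [("hxxps://", "https://"), ("hxxp://", "http://"), ("[.]", "."), ("(.)", ".")]
_IPV4 = re.compile(r"^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$")
_SHA256 = re.compile(r"^[0-9a-f]{64}$")


def refang(value: str) -> str:
    """Undo common defanging so the IOC can be matched against real telemetry."""
    for bad, good in _DEFANG:
        value = value.replace(bad, good)
    return value


def normalize_ioc(ioc_type: str, raw: str) -> Optional[str]:
    """Canonicalize one IOC; return None if it is malformed for its declared type."""
    value = refang(raw.strip())
    if ioc_type in ("domain", "url", "sha256"):
        value = value.lower()
    if ioc_type == "ipv4" and not _IPV4.match(value):
        return None
    if ioc_type == "sha256" and not _SHA256.match(value):
        return None
    return value


def categorize_iocs(report: dict) -> Dict[str, List[str]]:
    """Group normalized, de-duplicated IOCs by type, ready to load as a blocklist lookup."""
    out: Dict[str, List[str]] = {}
    for ioc in report.get("iocs", []):
        value = normalize_ioc(ioc["type"], ioc["value"])
        if value is None:
            continue
        bucket = out.setdefault(ioc["type"], [])
        if value not in bucket:
            bucket.append(value)
    return out


def decide(alert: dict, report: Optional[dict]) -> str:
    """Map a sandbox verdict onto a playbook action.

    Anything the sandbox could not judge (no report, hash mismatch, unexpected
    verdict) goes to a human instead of being auto-closed: automation should only
    remove the work it can vouch for, otherwise it hides true positives.
    """
    if report is None or report.get("sha256") != alert["sha256"]:
        return ESCALATE
    verdict = str(report.get("verdict", "")).lower()
    if verdict == "malicious":
        return CONTAIN
    if verdict == "clean":
        return CLOSE
    return ESCALATE   # suspicious, not_available, or anything unexpected


def run_playbook(alert: dict, report: Optional[dict]) -> dict:
    """One end-to-end pass: verdict-driven action plus IOCs for detection engineering."""
    action = decide(alert, report)
    iocs = categorize_iocs(report) if action == CONTAIN else {}
    return {"alert_id": alert["id"], "host": alert["host"], "action": action, "iocs": iocs}


if __name__ == "__main__":
    print(run_playbook(SAMPLE_ALERT, SAMPLE_REPORT))
```

The two points worth carrying into a real playbook are the default branch in decide(), which escalates rather than closes whenever the verdict cannot be trusted (missing report, hash mismatch, unknown verdict), and the normalization in categorize_iocs(), which refangs, lowercases, validates and de-duplicates indicators before they become blocklist entries; without it, rules built from raw sandbox output match nothing or match the wrong thing.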

VMRay is Trusted by

VMRay is our deep analysis solution that helped us reduce the workload of our manual analyses by 90%.
Global Top 3 Cyber Security
IR Services Provider
With the auto-forwarding feature, VMRay automatically scans and detonates phishing emails. The time our analysts need to analyze phishing is nearly halved.
Life Fitness
Brad Marr | CISO & Senior Director
With VMRay, we are able to handle analysis of huge numbers of submissions with ease in an automated way. This creates enormous value for our company.
Cyber Security Team Lead
A Leading Global Tech Company

Watch The Integration in Action


How to detect malicious emails with IR Mailbox

Watch a 3-minute demo to see how VMRay Analyzer’s IR Mailbox works.


VMRay Analyzer for Reliable Security Automation

Explore all the security automation use cases you can benefit from.


Automated Phishing Threat Analysis

Watch the webinar recording from SANS Cyber Solutions Fest.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator