Financial Services User Group – Phantom Stream

Financial Services Industry Splunk User Group
Tue, Dec 15, 2020, 11:00 AM (AEDT)

About this event


National Australia Bank (NAB) will be leading the below sessions:

Talk One - Verification Testing of Phantom, using Pytest

Ever wasted hours of your life running the same mundane set of tests to ensure that the latest Phantom upgrade didn’t break anything?

Using Pytest and the Phantom REST APIs, let me show you how to reduce the testing required from hours down to minutes.

Talk Two - Malware on endpoint use case – Playbook structure and design

If you’ve solved the phishing use case and are looking at other use cases to tackle, join us for a walkthrough of a playbook design structure that the NAB are considering for their malware on endpoint use case.

You’ll understand the difference between parent and atomic playbooks and see why the NAB are going this way for their next use case

Speaker - Christopher Hanlen, Lead Cyber Security Specialist (Detection & Orchestration), NAB

Talk three - (could be you!) 

Call for speakers: if you have an interesting Phantom use case, topic, lesson or pro-tip we'd love to have your join and share your use case. There is provision for 2 additional speakers/organisations to present on the day. Please just get in touch with me directly.  Its 10-20 min (max) talk track, slides/no-slides your call.       

The group always allows time for the general exploration on any of the below topics:

  • Playbook management
  • Alert management
  • Case management
  • Incident response
  • Automation editor
  • Metrics & reporting
  • Application ecosystem
  • Q & A / general forum
  • The do’s and don’ts

We look forward to seeing you there. Please be sure to register asap.

Global Time Zones (a truly thankless job)

  • Melbourne / Sydney – Wednesday 18th NOV – 11:00am AEST
  • San Fran – Tuesday 17rd NOV – 4:00pm PDT
  • New York – Tuesday 17rd NOV – 7:00pm
  • Singapore – Wednesday 18th NOV – 8:00am
  • Tokyo - Wednesday 18th NOV – 9:00am
  • London - Thursday 17 July 2020 – 12:00midnight (sorry again EMEA, plan is to change time zones next round)

You can share this invite with other internal teams.



  • Julio Gomez

    Julio Gomez


    Leader, FSI Splunk User Group

    View Profile