PolySwarm is now fully integrated with Splunk® Phantom™, a platform trusted by security experts around the world that combines security infrastructure orchestration, playbook automation and case management capabilities.
PolySwarm uses threat bounties to economically incentivize early and accurate threat detection on suspicious files and URLs, submitted by enterprises and individual researchers.
Adding PolySwarm to a Phantom playbook will effortlessly enable Phantom users to harness the power of a large community of antivirus companies and security experts competing to detect threats in near real-time.
AV engines put their money where their mouth is: when confident, they stake money behind their opinions (malicious or benign). This economic pressure incentivizes suppliers to specialize and focus on what they are best at, improving the accuracy of outputs and the signal-to-noise ratio (SNR).
Phantom users can install the Phantom app for PolySwarm directly from the Phantom dashboard and plug in their PolySwarm API key to start using it. Sign up or log in at https://polyswarm.network; the API key is available in your account settings.
The full list of features and examples of using PolySwarm in a Phantom playbook are available on our GitHub.
To learn more about PolySwarm, and try out the threat detection marketplace directly, visit https://polyswarm.network/.
[Screenshot: PolySwarm in Splunk Phantom]
[Screenshot: PolySwarm, Phantom playbook]