The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PolySwarm now integrates with Splunk Phantom

Nov 5, 2019 1:31:37 PM / by PolySwarm Team



PolySwarm is now fully integrated with Splunk® Phantom™, a platform trusted by security experts around the world that combines security infrastructure orchestration, playbook automation and case management capabilities.

PolySwarm uses threat bounties to economically incentivize early and accurate threat detection on suspicious files and URLs, submitted by enterprises and individual researchers. 

Adding PolySwarm to a Phantom playbook will effortlessly enable Phantom users to harness the power of a large community of antivirus companies and security experts competing to detect threats in near real-time.

AV engines put their money where their mouth is: when confident, they stake money behind their opinions (malicious or benign). This economic pressure incentivizes suppliers to specialize and focus on what they are best at, improving the accuracy of outputs and the signal-to-noise ratio (SNR).

Phantom users can install the Phantom app for PolySwarm directly from the Phantom dashboard and plug in their PolySwarm API key to start using it. Sign up/login at and the API key is available in your account settings.

The full list of features and examples of using PolySwarm in a Phantom playbook are available on our GitHub.

To learn more about PolySwarm, and try out the threat detection marketplace directly, visit


[Image: PolySwarm in Splunk Phantom]

[Image: PolySwarm, Phantom playbook]


Topics: PolySwarm, Product, Partner
