Code42 + Splunk Phantom
Speed up detection and automate response to insider threats
Code42 integrates with Splunk Phantom to automate tasks within insider threat workflows and to shorten the time to detect and respond to common insider risk scenarios such as departing employees.
Together, Code42 and Splunk Phantom allow security teams to scale, standardize and accelerate their overall incident response process for insider threats. High-fidelity alerts powered by Code42’s signal capabilities enable faster decision-making and can enrich existing security workflows within Splunk Phantom.
Benefits of the Code42 + Splunk Phantom integration
Faster response
Automate tasks within insider threat workflows for faster decision-making.
Complete context
Quickly investigate risky file movements such as external file sharing via browsers, cloud services or email – without leaving Splunk Phantom.
Increased productivity
Close incident tickets faster by automating response and remediation procedures via Splunk Phantom.
Integration features
Automate workflows
Automate tasks within insider threat workflows by ingesting Code42 alerts into Splunk Phantom to trigger or enrich existing playbooks.
Streamline offboarding
Add employees to, or remove them from, the Code42 risk detection lens for departing employees from within Splunk Phantom.
Forensic search
Obtain complete incident context about exfiltrated files, including user, file and exposure type, file size, and data source.
Actionable insights
Leverage other Splunk Phantom product integrations to coordinate response across security functions based on insights from Code42.
Insider threat ecosystem
Leverage Code42 to establish insider threat processes and maximize the potential of your existing security investments.
Featured Use Case
Automated investigation and response to data exfiltration
Challenge: According to Forbes Insights, 75% of security professionals say security is too complex because there are too many tools, policies and alerts.
Solution: Together, Code42 and Splunk Phantom automate tasks within insider threat incident response processes from the Phantom platform. The integration allows security teams to investigate potential file exfiltration, significantly reducing the time it takes to detect and respond to insider threats.
Benefit: Splunk Phantom together with Code42 enables security teams to close incidents with speed and at scale by automating response actions and remediation procedures via Splunk Phantom.