To limit the impact of custom code on the VPE, where should the custom code be placed?
Phantom supports multiple user authentication methods such as LDAP and SAML2. What other user authentication method is supported?
Which of the following queries would return all artifacts that contain a SHA1 file hash?
When writing a custom function that uses regex to extract the domain name from a URL, a user wants to create a new artifact for the extracted domain. Which of the following Python API calls will create a new artifact?
In a playbook, more than one Action block can be active at one time. What is this called?
Which of the following are examples of things commonly done with the Phantom REST APP
When assigning an input parameter to an action while building a playbook, a user notices the artifact value they are looking for does not appear in the auto-populated list.
How is it possible to enter the unlisted artifact value?
A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?
A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?
When analyzing events, a working on a case, significant items can be marked as evidence. Where can ail of a case's evidence items be viewed together?
A user selects the New option under Sources on the menu. What will be displayed?
A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?
Which of the following can be edited or deleted in the Investigation page?
Is it possible to import external Python libraries such as the time module?