Use playbooks to automate analyst workflows in Splunk SOAR (On-premises)
Create a playbook in Splunk SOAR (On-premises) to automate security workflows so that analysts can spend more time performing analysis and investigation. The playbook editor provides a visual platform for creating playbooks without having to write code.
To define a workflow that you want to automate, link together a series of actions that are provided by apps. An app is third-party software integrated with Splunk SOAR (On-premises). For example, you can integrate MaxMind as an app, which provides a geolocate ip action, or integrate Okta as an app to provide actions such as set password or enable user. The actions available for use in your playbooks are determined by the apps integrated with Splunk SOAR (On-premises).
After you create and save a playbook in Splunk SOAR (On-premises), you can run playbooks when performing these tasks in Splunk SOAR (On-premises):
- Triaging or investigating cases as an analyst
- Creating or adding a case to Investigation
- Configuring playbooks to run automatically directly from the playbook editor
The playbook editor has a minimum supported screen size of 1200px.
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1