About the Content Pack for SOAR System Logs
The Content Pack for SOAR System Logs provides an IT Service Intelligence (ITSI)-based approach to monitoring the health of your SOAR server environment. SOAR (Security Orchestration, Automation, and Response) is a platform designed to help reduce the scale of your security operations. With SOAR, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting.
This content pack contains specific Key Performance Indicators (KPIs) for monitoring SOAR metrics. Because each SOAR deployment includes an embedded copy of Splunk Enterprise with dedicated functionality tied to SOAR, a Splunk universal forwarder installed on the SOAR servers takes care of monitoring the environment.
Content pack contents
The Content Pack for SOAR System Logs contains preconfigured ITSI objects, including services and KPIs, that you can tune for your specific needs. This content pack contains the following objects:
Two services:
- Splunk App for SOAR - OS Metrics
- Splunk App for SOAR - System Health

Two deep dives:
- Splunk App for SOAR - OS Metrics
- Splunk App for SOAR - System Health
ITSI support
The Content Pack for SOAR System Logs is only supported in ITSI. It is not supported for Splunk IT Essentials Work.
Installation
If you're using ITSI version 4.11.4 or later, you can install the Content Pack for SOAR System Logs after installing the Splunk App for Content Packs. Install the content pack on the same search head where you installed ITSI. For installation instructions, see Install and configure the Content Pack for Monitoring SOAR System Logs.
Deployment requirements
Use the following table to determine ITSI version compatibility.
| Splunk App for Content Packs version | ITSI version | SOAR Content Pack version | Splunk App for SOAR version |
|---|---|---|---|
| 1.8.0 | 4.11.4 or higher | 1.0.0 or higher | 1.0.0 or higher |
Additional resources
- For ITSI deployment planning guidelines, see Plan your ITSI deployment.
- For ITSI compatibility with Splunk Enterprise, see Splunk products version compatibility matrix.
- For changes in each version, see Release notes for the Content Pack for SOAR System Logs.
This documentation applies to the following versions of Content Pack for SOAR System Logs: 1.0.0