Splunk® Enterprise Security

Administer Splunk Enterprise Security

Integration of Splunk SOAR with Splunk Enterprise Security

Use Splunk SOAR features within Splunk Enterprise Security to streamline complex workflows and automate tasks by consolidating data from multiple tools and teams in your security operations center (SOC).

Before you begin, make sure that your Splunk SOAR instance is paired with your Splunk Enterprise Security instance. For details, see Pair Splunk Enterprise Security with Splunk SOAR earlier in this manual.

Within the Splunk SOAR configuration section of Splunk Enterprise Security, when you select a link with an external link icon, you automatically navigate to the corresponding section in Splunk SOAR.

Within Splunk SOAR, to quickly return to the Splunk Enterprise Security home page, use the Home menu and select Open Enterprise Security.

The articles in this chapter point to relevant portions of the Splunk SOAR documentation, where you can find complete information on using Splunk SOAR functionality.

Last modified on 12 September, 2024

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1

