Integration of Splunk SOAR with Splunk Enterprise Security
Use Splunk SOAR features within Splunk Enterprise Security to streamline complex workflows and automate tasks by consolidating data from multiple tools and teams in your security operations center (SOC).
Before you begin, make sure that your Splunk SOAR instance is paired with your Splunk Enterprise Security instance. For details, see Pair Splunk Enterprise Security with Splunk SOAR earlier in this manual.
Within the Splunk SOAR configuration section of Splunk Enterprise Security, when you select a link with an external link icon (), you automatically navigate to the corresponding section in Splunk SOAR.
Within Splunk SOAR, to quickly return to the Splunk Enterprise Security home page, use the Home menu and select Open Enterprise Security.
The articles in this chapter point to relevant portions of the Splunk SOAR documentation, where you can find complete information on using Splunk SOAR functionality.
Associate an investigation type with a response plan in Splunk Enterprise Security | Configure automation rules to run playbooks based on findings in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1
Feedback submitted, thanks!