Splunk SOAR (Cloud) is a cloud-based Security Orchestration, Automation, and Response (SOAR) system that is delivered as a SaaS (software-as-a-service) solution hosted and managed by Splunk.
Release Notes
Release notes for Splunk SOAR.
Splunk SOAR (Cloud) Service Description
Describes the benefits of the Splunk SOAR service.
Administer Splunk SOAR (Cloud)
Administer Splunk SOAR and customize the desired product settings.
Use Splunk SOAR (Cloud)
Learn how to use Splunk SOAR for security orchestration and automation using playbooks, workbooks, and cases.
Migrate from Splunk Phantom to Splunk SOAR (Cloud)
Migrate Splunk Phantom applications, playbooks, custom functions, and administration settings to Splunk SOAR.
Build Playbooks with the Playbook Editor
Learn how to create and manage playbooks in Splunk SOAR to automate analyst workflows.
Python Playbook API Reference for Splunk SOAR (Cloud)
Reference documentation for the Python automation API in Splunk SOAR.
Python Playbook Tutorial for Splunk SOAR (Cloud)
Tutorial for the Splunk SOAR Playbook API.
REST API Reference for Splunk SOAR (Cloud)
Reference documentation for Splunk SOAR REST API endpoints.
Develop Apps for Splunk SOAR (Cloud)
A technical development guide to help you develop your own Splunk SOAR apps.
Splunk® App for SOAR
The Splunk App for SOAR allows you to bring in data from Splunk SOAR to Splunk Cloud Platform or Splunk Enterprise for observation and monitoring. This App replaces Splunk Phantom Remote Search and the Splunk Add-on for Splunk Phantom.
Splunk® App for SOAR Export
The Splunk App for SOAR Export translates and forwards information from the Splunk platform to a Splunk SOAR instance. This App replaces the Splunk Phantom App for Splunk.
Splunk® Automation Broker
Configure the Splunk Automation Broker to orchestrate and automate your notable responses for on-premises assets using apps, connectors and playbooks from Splunk SOAR.