
When is deployed, the platform sends anonymized usage data to Splunk Inc. ("Splunk") to help improve in future releases.
How data is collected
uses Splunk Web Analytics (swa.js) to collect anonymous usage data. These analytics run in the background. Collecting data affects the web interface loading in a minimal way.
What data is collected
Data is collected to measure metrics of the product, assess performance for optimizations, evaluate engagement for roadmaps, and discover client-side errors to inform UI fixes. The metrics do not contain any user-provided values such as username, email, or any URL parameters that are user or customer identifiable. collects the following basic usage information:
Name | Description | Example |
---|---|---|
app.session.session_start
|
Reports the browser and OS, along with their versions. | data: { app: UNKNOWN_APP browser: Chrome browserVersion: 78.0.3904.97 device: MacIntel locale: en-US os: Mac OS X osVersion: 10. page: UNKNOWN_PAGE splunkVersion: not available } eventID: d9ca862c-d48d-83a1-d1bb-f0f25f4b5af8 experienceID: 6c2c534b-e750-e1a0-95fd-fcada1a50be0 optInRequired: 3 timestamp: 1574213029 visibility: anonymous |
app.session.soar.pageview
|
Reports which pages are visited by users. | data: { app: soar page: admin.company_settings.info soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca soarUserID: 5d900c28b8d1555745c09908ef386860 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: 0db11144-7c14-88f7-b3e9-3a999102bfc6 experienceID: 20d4d671-7d18-f74a-c72f-9811b5bee20d optInRequired: 3 timestamp: 1574210581565 visibility: anonymous |
app.session.soar.error
|
Reports uncaught errors of front-end scripts. | data: { app: soar errorMsg: Uncaught ReferenceError: helloworld is not defined file: /inc/swa/swa_enabled.js page: admin.product_settings.telemetry position: 74:1 soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca soarUserID: 5d900c28b8d1555745c09908ef386860 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: 94efce66-ab89-33ae-f894-1cceb8f68f78 experienceID: 239facf6-261d-dd96-be08-33870c7d3750 optInRequired: 3 timestamp: 1574294947704 visibility: anonymous |
app.session.soar.apiTime
|
Reports roundtrip time consumption for each API request. | data: { app: soar endpoint: /rest/ph_user/3/permissions method: get page: UNKNOWN_PAGE status: 200 time: 150 soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca soarUserID: 5d900c28b8d1555745c09908ef386860 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: 551e5c46-4f71-d92a-51ba-30cf97ae3a97 experienceID: 6c2c534b-e750-e1a0-95fd-fcada1a50be0 optInRequired: 3 timestamp: 1574213030362 visibility: anonymous |
app.session.soar.pageview
|
Reports the page that user is visiting. Query strings and parameters are removed. | data: { app: soar page: admin.company_settings.info soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca soarUserID: 5d900c28b8d1555745c09908ef386860 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: 0db11144-7c14-88f7-b3e9-3a999102bfc6 experienceID: 20d4d671-7d18-f74a-c72f-9811b5bee20d optInRequired: 3 timestamp: 1574210581565 visibility: anonymous |
app.session.soar.license
|
Reports license status, limits, and usage information. Sent once per session. | data: { app: soar expirationDate: 1576800000000 issueDate: 1575504000000 limits: { actions: 50 events: 75 tenants: 250 users: 5 } page: UNKNOWN_PAGE type: standard usage: { recentAppRunCount: 5 recentDebugRunCount: 5 recentPlaybookRunCount: 1 } soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca soarUserID: 5d900c28b8d1555745c09908ef386860 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: 5854bede-18d9-5a88-d023-e698dab1afaf experienceID: 31a418cc-1371-c58a-a0b8-dc87638b126f optInRequired: 3 timestamp: 1575656115189 visibility: anonymous |
app.session.soar.systemSettings
|
Reports the feature on/off settings and product version. | data: { app: soar isClusteringEnabled: false isMultiTenantEnabled: false numOfClusterNodes: 0 page: UNKNOWN_PAGE productVersion: 10900.0.5 nodeGUID: dca36837-3e10-4cbd-bf14-b49097b84347 isElasticSearchEnabled: false splunkConfig: { searchLocation: local searchType: standalone } soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca soarUserID: 5d900c28b8d1555745c09908ef386860 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: d4b331e7-3ce3-91b6-7724-bc4d7235bca9 experienceID: 21febb16-c3f6-cbd5-ffac-905f1466c830 optInRequired: 3 timestamp: 1576695256840 visibility: anonymous |
app.session.soar.vpe
|
Reports:
|
data: { app: soar jsonSchemaVersion:"5.0.3" page: UNKNOWN_PAGE blocks: { totalCount: 14 blockTypes: { action: 2 playbook: 1 code: 1 utility: 1 filter: 1 decision: 1 format: 6 prompt: 1 } customCodeBlockCount: 3 customCodeBlockTypeCounts: { start: 0 end: 1 action: 2 playbook: 0 code: 0 utility: 0 filter: 0 decision: 0 format: 0 prompt: 0 } actions: ["geolocate ip", "whois domain"] } hotkeys: { totalCount: 14 interactions: { addMiniMenu: 7 addActionBlock: 6 addPlaybookBlock: 0 addCodeBlock: 0 addUtilityBlock: 0 addFilterBlock: 0 addDecisionBlock: 0 addFormatBlock: 1 addPromptBlock: 0 autoArrange: 1 zoomToFit: 1 zoomIn: 0 zoomOut: 0 savePlaybook: 1 deleteNode: 0 toggleEditor: 1 toggleDebugger: 1 toggleSettings: 1 showShortcutModal: 1 } } features: { customConditionLabel: 3 customDatapaths: 2 playbookInputs: { count: 0 dataTypes: { "domain": 0 "file id": 0 "file name": 0 "file path": 0 "hash": 0 "host name": 0 "ip": 0 "mac address": 0 "port": 0 "process name": 0 "url": 0 "user name": 0 } } playbookOutputs: { count: 1 dataTypes: { "domain": 1 "file id": 0 "file name": 0 "file path": 0 "hash": 0 "host name": 0 "ip": 0 "mac address": 0 "port": 0 "process name": 0 "url": 0 "user name": 0 } dedupeCount: 0 } } playbookType: automation playbookName: 5d900c28b8d1555745c09908ef133337 soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca soarUserID: 5d900c28b8d1555745c09908ef386860 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: d4b331e7-3ce3-91b6-7724-bc4d7235bca9 experienceID: 21febb16-c3f6-cbd5-ffac-905f1466c830 optInRequired: 3 timestamp: 1576695256840 visibility: anonymous |
app.session.soar.vpeTime
|
Reports the time in milliseconds it took for the VPE to load in the browser. | data: { app: soar pageLoadTime: 10298 } deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca eventID: d4b331e7-3ce3-91b6-7724-bc4d7235bca9 experienceID: 21febb16-c3f6-cbd5-ffac-905f1466c830 optInRequired: 3 timestamp: 1576695256840 visibility: anonymous |
PREVIOUS Assess app and asset connectivity and ingestion |
This documentation applies to the following versions of Splunk® SOAR (Cloud): current
Feedback submitted, thanks!