Splunk® SOAR (Cloud)

Build Playbooks with the Playbook Editor

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Harness Cisco Talos Intelligence in Splunk SOAR (Cloud)

Release notes

For detailed release notes, see Cisco Talos Intelligence in Splunkbase, then select the Version History tab.

Cisco Talos overview

Cisco Talos is the threat intelligence division of Cisco, specializing in identifying, analyzing, and mitigating cybersecurity threats. Cisco Talos conducts deep malware analysis, reverse engineering, and vulnerability assessments to detect emerging threats. Cisco Talos creates and distributes threat intelligence updates to protect customers in real-time. Cisco Talos also collaborates with global partners to share insights and develop comprehensive defense strategies, ensuring robust protection against evolving cyber threats.

For additional information about Cisco Talos, see the Cisco Talos Intelligence web site.

Cisco Talos Intelligence functions and use cases

The Cisco Talos Intelligence provides the following core actions in your Splunk SOAR playbooks:

  • IP reputation lookup
  • Domain reputation lookup
  • URL reputation lookup

You can use these actions to address a variety of use cases, including:

  • Automating threat validation in phishing investigations.
  • Enriching security alerts with actionable threat intelligence.
  • Enhancing incident triage through real-time threat lookups.

Use Cisco Talos Intelligence in Splunk SOAR playbooks

Leverage Cisco Talos intelligence information in action blocks within Splunk SOAR playbooks.

For detailed information on how to use Cisco Talos Intelligence, see the README.md file in GitHub.

For detailed information on creating playbooks and using action blocks in playbooks, see the following documentation:

Sample playbook

Get started immediately, using this sample playbook created with Cisco Talos Intelligence. Save this playbook and customize it to suit your organization's needs.

  • CiscoTalosIntelligence_Identifier_Reputation_Analysis: Accepts a URL, IP or Domain and does reputation analysis on the objects. Generates a threat level, threat categories and Acceptable Use Policy categories that are formatted and added to a container as a note.

See also

Cisco Talos Intelligence for Splunk Enterprise Security (Cloud Only) in the Use Splunk Enterprise Security documentation.

Last modified on 17 January, 2025
Reorder active playbooks in  

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters