Splunk® SOAR (Cloud)

Splunk SOAR (Cloud) Service Description

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

service details

is a cloud-based Security Orchestration, Automation, and Response (SOAR) system that is delivered as a SaaS (software-as-a-service) solution hosted and managed by Splunk.

The platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

Use to perform the following tasks:

  • Ingest security events from multiple products such as firewalls, or other security products.
  • Triage, analyze, and track events in a unified interface.
  • Automate responses to security events with playbooks.

Service terms and policies

The following links access important terms and policies documents that pertain to the service. Be sure to read these documents to have a clear understanding of the service. If you have any questions, contact your Splunk sales representative.

Available regions

is available in the following global regions.

AWS regions

  • US (Oregon, Virginia)
  • Europe (Ireland, London, Frankfurt)
  • Asia Pacific (Seoul, Singapore, Sydney, Tokyo)
  • Canada (Central)

Differences between and Splunk Phantom

delivers the benefits of Splunk Phantom as a cloud-based service. Customers who are familiar with Splunk Phantom architecture should not make assumptions about the architecture or operational aspects of Splunk Phantom software deployed in the service. Specifically, differs from Splunk Phantom in the following ways:

Area Difference
Apps or


ships with over 100 available Apps (also called connectors) to support many different security and other products in your organization.

These connectors can be added to your instance from the Apps screen by going to the Home menu and selecting Apps.

Storage is provisioned with 600GB of disk space and 600GB of PostgreSQL database storage.
Command-line interface (CLI) access does not allow direct access to infrastructure by customers. As a result, you do not have command line access to . Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.
REST API supports a subset of the REST API endpoints available in Splunk Phantom.
Mobile does not allow access from the Splunk Connected Experiences mobile apps.
Telemetry Data is collected to measure metrics of the product, assess performance for optimizations, evaluate engagement for roadmaps, and discover client-side errors to inform UI fixes. The metrics do not contain any user-provided values such as username, email, or any URL parameters that are user or customer identifiable. See Share data from in Administer .
Python 3.9 supports Python 3.9 for Playbooks. Earlier versions of Python are not supported. However, if you are using an automation broker, SOAR still runs using Python 3.6.
SAML2 authentication supports SAML2 authentication.

See also

Last modified on 04 April, 2022
Get Started with

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters