Splunk SOAR (Cloud) is a cloud-based Security Orchestration, Automation, and Response (SOAR) system that is delivered as a SaaS (software-as-a-service) solution hosted and managed by Splunk.
The platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.
Use Splunk SOAR (Cloud) to perform the following tasks:
- Ingest security events from multiple products, such as firewalls or other security products.
- Triage, analyze, and track events in a unified interface.
- Automate responses to security events with playbooks.
Service terms and policies
The following links access important terms and policies documents that pertain to the service. Be sure to read these documents to have a clear understanding of the service. If you have any questions, contact your Splunk sales representative.
Splunk SOAR (Cloud) is available in the following global regions.
- US (Oregon, Virginia)
- Europe (Ireland, London, Frankfurt)
- Asia Pacific (Seoul, Singapore, Sydney, Tokyo)
- Canada (Central)
Differences between Splunk SOAR (Cloud) and Splunk Phantom
Splunk SOAR (Cloud) delivers the benefits of Splunk Phantom as a cloud-based service. Customers who are familiar with Splunk Phantom architecture should not make assumptions about the architecture or operational aspects of Splunk Phantom software deployed in the service. Specifically, Splunk SOAR (Cloud) differs from Splunk Phantom in the following ways:
|Apps||Splunk SOAR (Cloud) ships with over 100 available Apps (also called connectors) to support many different security and other products in your organization. These connectors can be added to your instance from the Apps screen by going to the Home menu and selecting Apps.|
|Storage||Splunk SOAR (Cloud) is provisioned with 600GB of disk space and 600GB of PostgreSQL database storage.|
|Command-line interface (CLI) access||Splunk SOAR (Cloud) does not allow direct access to infrastructure by customers. As a result, you do not have command line access to Splunk SOAR (Cloud). Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.|
|REST API||Splunk SOAR (Cloud) supports a subset of the REST API endpoints available in Splunk Phantom.|
|Mobile||Splunk SOAR (Cloud) does not allow access from the Splunk Connected Experiences mobile apps.|
|Telemetry||Data is collected to measure metrics of the product, assess performance for optimizations, evaluate engagement for roadmaps, and discover client-side errors to inform UI fixes. The metrics do not contain any user-provided values such as username, email, or any URL parameters that are user or customer identifiable. See Share data from Splunk SOAR (Cloud) in Administer Splunk SOAR (Cloud).|
|Python 3.9||Splunk SOAR (Cloud) supports Python 3.9 for Playbooks. Earlier versions of Python are not supported. However, if you are using an automation broker, SOAR still runs using Python 3.6.|
|SAML2 authentication||Splunk SOAR (Cloud) supports SAML2 authentication.|
- About Splunk SOAR (Cloud) in Use Splunk SOAR (Cloud).
Get Started with Splunk SOAR (Cloud)
This documentation applies to the following versions of Splunk® SOAR (Cloud): current