Splunk® SOAR (Cloud)

Splunk SOAR (Cloud) Service Description

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

service details

is a cloud-based security orchestration, automation, and response (SOAR) system that is delivered as a software-as-a-service (SaaS) solution hosted and managed by Splunk.

The platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

Use to perform the following tasks:

  • Ingest security events from multiple products such as firewalls, or other security products.
  • Triage, analyze, and track events in a unified interface.
  • Automate responses to security events with playbooks.

Service terms and policies

See the following links for important terms and policies pertaining to the service. Make sure to read these documents to have a clear understanding of the service. If you have any questions, contact your Splunk sales representative.

Available regions

is available in the following global AWS regions.

  • US (Oregon, Virginia)
  • Europe (Ireland, London, Frankfurt)
  • Asia Pacific (Seoul, Singapore, Sydney, Tokyo)
  • Canada (Central)

General information

delivers the benefits of Splunk Phantom as a cloud-based service, with some differences. This table outlines some general information about :

Area Difference
Apps or


ships with over 100 available apps (also called connectors) to support many different security products and other products in your organization.

Add these connectors to your instance by going to the Home menu and selecting Apps.

  • is provisioned with 600GB of disk space and 600GB of PostgreSQL database storage. With expected use and typical data retention settings, this sizing is sufficient for at least two years.
  • Data is not limited by time. You an keep data for several years as long as you are below the specified limits.
  • Data does not expire, with the exception of playbook run (debug) logs.
  • Splunk proactively detects if you are approaching the data limit and can work with you to reduce data consumption or add storage.
  • If you have a data emergency, Splunk prioritizes availability over controlling storage consumption.
  • If needed, you can purchase additional storage.
Command-line interface (CLI) access does not allow direct access to infrastructure by customers. As a result, you do not have command-line access to . If you have a supported task that requires command-line access, perform it through the self-service capabilities of Splunk or file a service ticket.
REST API supports a subset of the REST API endpoints available in Splunk Phantom.
Mobile does not allow access from the Splunk Connected Experiences mobile apps.
Telemetry Splunk collects data to measure product metrics, assess performance for optimizations, evaluate engagement, and discover client-side errors that can be fixed. The metrics do not contain any user-provided values such as username, email, or any URL parameters that are user or customer identifiable. See Share data from in Administer .
Python supports Python 3.9 for Playbooks. Earlier versions of Python are not supported. However, if you are using an automation broker, still runs using Python 3.6.
SAML2 authentication supports SAML2 authentication.

See also

Last modified on 03 June, 2022
Get Started with

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters