Skip to main content
Splunk® SOAR (Cloud)

Python Playbook API Reference for Splunk SOAR (Cloud)

Splunk® SOAR (Cloud)
current (latest release)
The visual editor for classic playbooks is now removed. Convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:

About Splunk SOAR (Cloud) playbook automation APIs

The Splunk SOAR (Cloud) playbook automation API allows security operations teams to develop detailed automation strategies. Playbooks serve many purposes, ranging from automating small investigative tasks that can speed up analysis to large-scale responses to a security breach. The Splunk SOAR (Cloud) playbook automation APIs are supported to leverage the capabilities of the platform.

The Splunk SOAR (Cloud) playbook automation APIs operates using containers, artifacts, datapaths, apps, and assets. To learn more about containers, artifacts, datapaths, apps, and assets, see the following sections:

  • Containers are the top-level data structure the playbook automation APIs operate on. A container is a composite object that consists of one or more artifacts that can be automated against. To learn more about containers and artifacts, see Understanding containers and Understanding artifacts.
  • To learn more about the datapaths used by the Splunk SOAR (Cloud) playbook automation APIs, see Understanding datapaths.
  • Apps are included and shipped with Splunk SOAR (Cloud) and provide actions that are used by the Splunk SOAR (Cloud) playbooks. Assets are instances of apps configured by a Splunk SOAR (Cloud) administrator. To learn more about apps and assets, see Understanding apps and assets.

The automation APIs are made up of the following groups: the playbook automation API, the container automation API, the data management automation API, the data access automation API, the session automation API, the vault automation API, and the network automation API. For more information about the automation APIs, see Automation API.

See also

For more information about how to leverage the Splunk SOAR (Cloud) platform to perform automation, see the documentation.

You want to do this Documentation
Create, update, and selectively remove objects from the system. See REST API Reference for Splunk SOAR (Cloud).
Create a playbook to automate your workflows. See Build Playbooks with the Playbook Editor.
Examples of using some of the key automation API functions. See the Python Playbook Tutorial for Splunk SOAR (Cloud) manual.
Last modified on 20 February, 2025
  Understanding containers

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters