is a cloud-based security orchestration, automation, and response (SOAR) system that is delivered as a software-as-a-service (SaaS) solution hosted and managed by Splunk.
The platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.
Use to perform the following tasks:
- Ingest security events from multiple products such as firewalls, or other security products.
- Triage, analyze, and track events in a unified interface.
- Automate responses to security events with playbooks.
Service terms and policies
See the following links for important terms and policies pertaining to the service. Make sure to read these documents to have a clear understanding of the service. If you have any questions, contact your Splunk sales representative.
is available in the following global AWS regions.
- US (Oregon, Virginia)
- Europe (Ireland, London, Frankfurt)
- Asia Pacific (Seoul, Singapore, Sydney, Tokyo)
- Canada (Central)
delivers the benefits of Splunk Phantom as a cloud-based service, with some differences. This table outlines some general information about :
| ships with over 100 available apps (also called connectors) to support many different security products and other products in your organization.
Add these connectors to your instance by going to the Home menu and selecting Apps.
|Command-line interface (CLI) access||does not allow direct access to infrastructure by customers. As a result, you do not have command-line access to . If you have a supported task that requires command-line access, perform it through the self-service capabilities of Splunk or file a service ticket.|
|REST API||supports a subset of the REST API endpoints available in Splunk Phantom.|
|Mobile||does not allow access from the Splunk Connected Experiences mobile apps.|
|Telemetry||Splunk collects data to measure product metrics, assess performance for optimizations, evaluate engagement, and discover client-side errors that can be fixed. The metrics do not contain any user-provided values such as username, email, or any URL parameters that are user or customer identifiable. See Share data from in Administer .|
|Python||supports Python 3.9 for Playbooks. Earlier versions of Python are not supported. However, if you are using an automation broker, still runs using Python 3.6.|
|SAML2 authentication||supports SAML2 authentication.|
- About in Use .
Get Started with
This documentation applies to the following versions of Splunk® SOAR (Cloud): current