Splunk® App for SOAR

Use Splunk App for SOAR


Learn about Splunk App for SOAR

Use Splunk App for SOAR to bring data from Splunk SOAR into Splunk Cloud Platform or Splunk Enterprise, where you can collect, search, monitor, report on, and analyze it. Splunk App for SOAR unifies functionality from other apps, such as Splunk Phantom Remote Search and Splunk Add-on for Phantom, to create a streamlined process for observing data from Splunk SOAR.

With Splunk App for SOAR, you can:

  • Use SPL commands to refine searches through Splunk SOAR data.
  • Report Splunk SOAR data at a glance through dashboards.
  • (Optional service.) Monitor the health of your Splunk SOAR (On-premises) environments using dashboards.
  • Pull audit logs from any number of Splunk SOAR instances.
  • Issue REST API commands to Splunk SOAR environments.

When using the remote-search service in Splunk App for SOAR, the data flows from Splunk SOAR to Splunk Cloud Platform or Enterprise. If you want to set up a flow of data from Splunk Cloud Platform or Enterprise to Splunk SOAR, you must use Splunk App for SOAR Export.

Last modified on 27 June, 2022

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57

