Learn about Splunk App for SOAR
Use Splunk App for SOAR to bring in data from Splunk SOAR to Splunk Cloud Platform or Enterprise for collecting, searching, monitoring, reporting, and analyzing. Splunk App for SOAR unifies functionality from other apps, such as Splunk Phantom Remote Search and Splunk Add-on for Phantom to create a streamlined process for observing data from Splunk SOAR.
Splunk App for SOAR is available on Splunkbase.
With Splunk App for SOAR, you can ...
- Use SPL commands to refine searches through Splunk SOAR data.
- Report Splunk SOAR data at a glance through dashboards.
- (Optional service.) Monitor the health of your Splunk SOAR (On-premises) environments using dashboards.
- Pull audit logs from any number of Splunk SOAR instances.
- Issue REST API commands to Splunk SOAR environments.
When using the remote-search service in Splunk App for SOAR, the data flows from Splunk SOAR to Splunk Cloud Platform or Enterprise. If you want to set up a flow of data from Splunk Cloud Platform or Enterprise to Splunk SOAR, you must use Splunk App for SOAR Export.
Learn about the remote-search service in Splunk App for SOAR |
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57, 1.0.67, 1.0.71
Feedback submitted, thanks!