Splunk® App for SOAR

Use Splunk App for SOAR

Learn about Splunk App for SOAR

Use Splunk App for SOAR to bring data from Splunk SOAR into Splunk Cloud Platform or Enterprise, where you can collect, search, monitor, report on, and analyze it. Splunk App for SOAR unifies functionality from other apps, such as Splunk Phantom Remote Search and Splunk Add-on for Phantom, to create a streamlined process for observing data from Splunk SOAR.

Splunk App for SOAR is available on Splunkbase.

With Splunk App for SOAR, you can:

  • Use SPL commands to refine searches through Splunk SOAR data.
  • Report Splunk SOAR data at a glance through dashboards.
  • (Optional service) Monitor the health of your Splunk SOAR (On-premises) environments using dashboards.
  • Pull audit logs from any number of Splunk SOAR instances.
  • Issue REST API commands to Splunk SOAR environments.

When using the remote-search service in Splunk App for SOAR, the data flows from Splunk SOAR to Splunk Cloud Platform or Enterprise. If you want to set up a flow of data from Splunk Cloud Platform or Enterprise to Splunk SOAR, you must use Splunk App for SOAR Export.

Last modified on 22 April, 2024

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57, 1.0.67, 1.0.71

