Learn about Splunk App for SOAR
Use Splunk App for SOAR to bring data from Splunk SOAR into Splunk Cloud Platform or Splunk Enterprise for collecting, searching, monitoring, reporting, and analyzing. Splunk App for SOAR unifies functionality from other apps, such as Splunk Phantom Remote Search and Splunk Add-on for Phantom, to create a streamlined process for observing data from Splunk SOAR.
Splunk App for SOAR is available on Splunkbase.
With Splunk App for SOAR, you can:
- Use SPL commands to refine searches through Splunk SOAR data.
- Ingest and review Splunk SOAR data.
- Monitor the activities of your Splunk SOAR environments (including viewing containers and artifacts) using dashboards.
- Pull audit logs from any number of Splunk SOAR instances.
- Issue REST API commands to Splunk SOAR environments.
When using the remote-search service in Splunk App for SOAR, the data flows from Splunk SOAR to Splunk Cloud Platform or Splunk Enterprise. If you want to set up a flow of data from Splunk Cloud Platform or Splunk Enterprise to Splunk SOAR, you must use Splunk App for SOAR Export.
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57, 1.0.67