Content Pack for SOAR System Logs

The Content Pack for SOAR System Logs is a replacement for the Content Pack for Monitoring Phantom as a Service.

About the Content Pack for SOAR System Logs

The Content Pack for SOAR System Logs provides an IT Service Intelligence (ITSI)-based approach to monitoring the health of your SOAR server environment. SOAR (Security Orchestration, Automation, and Response) is a platform designed to help you scale your security operations. With SOAR, you can automate repetitive tasks, orchestrate workflows, and support a broad range of SOC functions, including event and case management, collaboration, and reporting.

This content pack contains Key Performance Indicators (KPIs) specific to SOAR metrics. Each SOAR deployment includes an embedded copy of Splunk Enterprise whose functionality is dedicated to SOAR itself, so the content pack does not collect data from that embedded instance. Instead, a Splunk universal forwarder installed on each SOAR server forwards the OS metrics and system logs to the Splunk platform deployment where ITSI runs, and the KPIs are computed there.

Content pack contents

The Content Pack for SOAR System Logs contains preconfigured ITSI objects, including services and KPIs, that you can tune for your specific needs. This content pack contains the following objects:

Two services:

  • Splunk App for SOAR - OS Metrics
  • Splunk App for SOAR - System Health

Two deep dives:

  • Splunk App for SOAR - OS Metrics
  • Splunk App for SOAR - System Health

ITSI support

The Content Pack for SOAR System Logs is only supported in ITSI. It is not supported for Splunk IT Essentials Work.

Installation

If you're using ITSI version 4.11.4 or later, you can install the Content Pack for SOAR System Logs after installing the Splunk App for Content Packs. Install the content pack on the same search head where you installed ITSI. For installation instructions, see Install and configure the Content Pack for Monitoring SOAR System Logs.

Deployment requirements

Use the following table to determine ITSI version compatibility.

Splunk App for Content Packs version | ITSI version     | SOAR Content Pack version | Splunk App for SOAR version
1.8.0                                | 4.11.4 or higher | 1.0.0 or higher           | 1.0.0 or higher
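Before installing the content pack, it is worth confirming on the search head that the apps in the table above are present at (or above) the listed versions. The following POSIX shell script is an added example, not part of the Splunk documentation or of the content pack: it reads the version from each app's app.conf (honouring local/ over default/, as Splunk's configuration precedence does), compares it numerically against the minimums from the table, and reports anything missing or too old. The app directory names (splunk_app_contentpacks, itsi, splunk_app_soar) and the fixture app.conf files it builds are assumptions constructed for the example; confirm the directory names on your own deployment before relying on them.

```shell
#!/bin/sh
# Added example, not part of the Splunk documentation or the content pack.
# Checks a search head's installed app versions against the minimums from the
# compatibility table above before you install the content pack.
# ASSUMPTIONS: the app directory names under $SPLUNK_HOME/etc/apps
# (splunk_app_contentpacks, itsi, splunk_app_soar) and the fixture app.conf
# files built below are constructed for this example; confirm the names on
# your own deployment (e.g. with "splunk display app").

# version_ge A B: succeed if dotted version A is >= B (numeric, per field;
# missing fields count as 0, so "4.11" compares equal to "4.11.0").
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      p = (i <= n) ? x[i] + 0 : 0
      q = (i <= m) ? y[i] + 0 : 0
      if (p > q) exit 0
      if (p < q) exit 1
    }
    exit 0
  }'
}

# app_version APPDIR: print "version" from the [launcher] stanza of app.conf.
# local/ overrides default/, mirroring Splunk's configuration precedence.
app_version() {
  for conf in "$1/local/app.conf" "$1/default/app.conf"; do
    [ -r "$conf" ] || continue
    v=$(awk -F'=' '
      /^\[/ { in_launcher = ($0 == "[launcher]") }
      in_launcher && $1 ~ /^[ \t]*version[ \t]*$/ {
        gsub(/[ \t]/, "", $2); print $2; exit
      }' "$conf")
    if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
  done
  return 1
}

# check_prereqs APPS_DIR: one line per prerequisite; non-zero status if any
# app is missing or below its minimum. Minimums are those in the table above.
check_prereqs() {
  apps="$1"
  status=0
  for pair in "splunk_app_contentpacks 1.8.0" "itsi 4.11.4" "splunk_app_soar 1.0.0"; do
    dir=${pair% *}
    min=${pair#* }
    if v=$(app_version "$apps/$dir"); then
      if version_ge "$v" "$min"; then
        echo "OK      $dir $v (need >= $min)"
      else
        echo "TOO OLD $dir $v (need >= $min)"; status=1
      fi
    else
      echo "MISSING $dir (need >= $min)"; status=1
    fi
  done
  return $status
}

# make_fixture ITSI_VERSION [SOAR_VERSION]: build a constructed etc/apps tree
# (sample input for this example only) and print its path.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/splunk_app_contentpacks/default" "$root/itsi/default" "$root/itsi/local"
  printf '[launcher]\nversion = 1.8.0\n' > "$root/splunk_app_contentpacks/default/app.conf"
  printf '[launcher]\nversion = 4.10.0\n' > "$root/itsi/default/app.conf"  # overridden by local/
  printf '[launcher]\nversion = %s\n' "$1" > "$root/itsi/local/app.conf"
  if [ -n "$2" ]; then
    mkdir -p "$root/splunk_app_soar/default"
    printf '[ui]\nlabel = Splunk App for SOAR\n\n[launcher]\nversion = %s\n' "$2" \
      > "$root/splunk_app_soar/default/app.conf"
  fi
  printf '%s\n' "$root"
}

# Demo: a compliant search head, then one with ITSI too old and no SOAR app.
good=$(make_fixture 4.11.4 1.0.0)
check_prereqs "$good" || echo "unexpected: compliant fixture failed"
bad=$(make_fixture 4.10.3)
check_prereqs "$bad" || echo "prerequisites not met; do not install the content pack yet"
rm -rf "$good" "$bad"
```

On a real search head, call `check_prereqs "$SPLUNK_HOME/etc/apps"` instead of a fixture. The version comparison is numeric per field rather than a string comparison, so 4.11.4 is correctly recognised as newer than 4.9.0; a plain string sort would get that wrong.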

Additional resources

  • Release notes for the Content Pack for SOAR System Logs

This documentation applies to the following versions of Content Pack for SOAR System Logs: 1.0.0

Last modified on 21 November, 2022
