Splunk® Intelligence Management (Legacy)

Developer Guide

SOAR Integrations with REST API v1.3

You can build a custom integration between Splunk Intelligence Management and a SOAR tool so that the two platforms exchange data. The integration can provide enriched data that the SOAR tool can use to automate responses to security threats. It can also support sharing that enriched data with multiple teams in an organization as well as with external teams. See Configuration requirements to learn about the configuration details required for all integrations.

Recommended Commands

Include these commands in your SOAR integration:

Optional Commands

You can use these commands to add functionality:

  • Add Indicators to Company Safelist
  • Copy a report to another enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in Splunk Intelligence Management.
  • Move a report to another enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in Splunk Intelligence Management.

You can include two additional commands that support the triage of phishing emails:

You must have the Phishing Triage feature activated in Splunk Intelligence Management to use these commands.

Last modified on 21 April, 2022

This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current

