This is the official Splunk app that integrates Splunk Enterprise or Splunk Cloud with Splunk SOAR. This app, formerly known as the “Phantom App for Splunk,” is responsible for sending data from your Splunk Enterprise/Cloud instances to Splunk SOAR. Once that data is in Splunk SOAR, you can perform automated actions with over 350+ different security tools. 

Also included with this app is an integration with Splunk Enterprise Security, allowing you to send ES data to SOAR.

Splunk SOAR is a Security Automation and Orchestrated Response (SOAR) platform that integrates with your existing security tools in order to provide a layer of “connective tissue” between them. Splunk SOAR streamlines security operations through the execution of digital “Playbooks” to achieve in seconds what may normally take minutes or hours to accomplish with the dozens of products that you use every day.

Splunk SOAR doesn’t replace existing security products, but instead makes your investment in them smarter, faster and stronger.

(Formerly known as Phantom App for Splunk)