Endace

The Endace App for Splunk SOAR receives events forwarded from a Splunk Enterprise instance, which are then parsed by the provided playbooks to search for packets of interest on an EndaceProbe fabric. When matching packets are found, these can be automatically downloaded and analyzed, or archived as PCAP files.

Built by SOAR Community

Latest Version 2.0.0

September 21, 2021

Release notes

Compatibility

Not Available

Platform Version: 6.4, 6.3, 6.2, 6.1, 6.0, 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.10, 4.9

Rating

0

(0)

Log in to rate this app

Support

Developer Supported connector

Learn more

Ranking

#36

in Investigative

The Endace App for Splunk SOAR receives events forwarded from a Splunk Enterprise instance, which are then parsed by the provided playbooks to search for packets of interest on an EndaceProbe fabric. When matching packets are found, these can be automatically downloaded and analyzed, or archived as PCAP files.

Supported Actions

test connectivity: Validate the asset configuration for connectivity using supplied configuration
get pcap: Download a PCAP into the vault
delete pcap: Delete the specified PCAP
get status: Get the status of a previously executed query
run query: Run a query to create a PCAP