Skip to main content
Lantern Home
Splunk Lantern

Getting help with SOAR

  1. Last updated
  2. Save as PDF

 

Training

Splunk offers a number of EDU training courses to help you get up to speed on how to make the most of your deployment. Completion of these courses to some effect is an essential building block to success. If you’d like to explore education options here, please get in touch with us via this contact form or get in touch with your account manager.

You can also check the Splunk Education Student Handbook for a full breakdown of Education offerings.

Course Description
Developing Splunk SOAR playbooks This 9 hour introductory course prepares IT and security practitioners to plan, design, create and debug basic playbooks for Splunk SOAR. Students will learn fundamentals of Splunk SOAR playbook capabilities, creation and testing. This course is a pre-requisite for the Advanced Phantom Implementation course.
Splunk SOAR analyst queue walkthrough This 9-minute video shows you how to navigate, filter, edit, and take action on events in the Splunk SOAR Analyst queue.
Advanced Splunk SOAR implementation This three virtual-day course is intended for experienced Phantom consultants who will be responsible for complex Splunk SOAR solution development, and will prepare the attendee to integrate Splunk SOAR with Splunk as well as develop playbooks requiring custom coding and REST API usage.
Splunk SOAR automation broker This 24-minute walkthrough is for Splunk SOAR admins with basic networking knowledge who understand Splunk SOAR apps, assets, and actions. Students will learn the role of the automation broker in Splunk SOAR implementation, how to install, configure, and use the automation broker to run on-prem app actions, and how to troubleshoot issues.
Splunk SOAR mission control walkthrough This 7-minute video guides analysts in using Splunk SOAR with Mission Control.
Administering Splunk SOAR This course prepares IT and security practitioners to install, configure and use a Splunk SOAR server in their environment and will prepare developers to attend the playbook development course.

Technical help - OnDemand Services (ODS)

ODS consultants work with you directly to help you get answers to general questions, get insight on best practices, explore functionality, deploy or review the health of your instance, and implement your use cases. Most customers have OnDemand Services included as a part of their license purchase, but they do expire at the end of each quarter. Use them as early as possible in the quarter by following the instructions from the OnDemand Services Portal End User Guide.

If you cannot open a case or do not know if you have OnDemand access, contact your Splunk Customer Success Manager/Advocate or Account Team or the ODS team at OnDemand-Inquires@splunk.com for clarification and assistance.

Plan Implement Use/Adopt Scale/Optimize
  • Architecture Planning
  • Configuration Guidance
  • Data Readiness
  • Response Planning
  • Content Planning
  • Configuration Support
  • Application Integration Support
  • Build Playbook/Custom Function
  • Post Implementation Review
  • Install/Upgrade Support
  • Design Playbook
  • Design Workbook
  • Content Management
  • Debug Playbook
  • Playbook Review
  • Integration Feature Request
  • Scaling Advisement & Expansion Readiness Assessment
  • Security Integrations Review
  • Upgrade Readiness Assessment
  • Response Review
  • Performance Review

Project-based services

Project-Based Services are much more involved, typically larger-scale services engagements compared to ODS. With these, you will work with a Splunk Engagement Manager to determine and finalize the scope of the project. Once everything is signed off, we will work with you in lockstep to deliver on the agreed-upon project. If you’d like to explore options here, please get in touch with us via this contact form or get in touch with your account manager

Support

Even the most savvy customer will need a little help. Whether it’s error messages, unexplained or unexpected behaviors, or incidents and outages, Technical Support is the first line of defense for all of your post-sales issues. Splunk Support Engineers will partner with you to ensure your environment is optimized to drive your journey with a focus on long-term technical health, so you can realize your ROI as soon as possible.

To review what is included with the Standard and Premium support programs, click here.

The Support Portal can be accessed from the Splunk.com home page for logged in users, or from the Splunk product application user interface. Bring up the navigation menu, scroll to the bottom of the side-bar, select Help & Support, and then select Support and Community. From there you will be able to open a support case.