Splunk Lantern

Understanding the features of Splunk SOAR

Main dashboard

Splunk SOAR’s main dashboard provides an overview of all your data and activity; notable events and their severity; playbooks; connections with other security tools; team workloads; and a summary of ROI from automated actions. 

  • To watch a video that explains this feature, click here.

Playbooks

Playbooks automate security actions at machine speed. Playbooks execute a series of actions across your tools in seconds, versus hours or longer if performed manually. For instance, a playbook can tell your sandbox to detonate a suspected malicious file, while also telling your endpoint security tool to quarantine a device. 

  • To watch a video that explains this feature, click here.
  • Playbooks are also discussed in detail on the next page of this learning path.
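Splunk SOAR playbooks are written in Python (the visual editor generates Python). The block below is an added example, not code from this page or from Splunk: it is a stand-alone simulation of the detonate-and-quarantine flow described above, so it runs without a SOAR instance. The sample container, the `sandbox_detonate` function, the `Edr` class and the `SANDBOX_KNOWN_BAD` table are constructed stand-ins for the real app connectors and data. Beyond the two actions in the paragraph, it shows the decision a playbook has to make once the verdict returns: release a precautionary isolation when the file is benign, escalate when it is malicious, and record when the isolation action itself failed so the analyst sees an unisolated host.

```python
"""Added example (not Splunk SOAR code): a stand-alone simulation of the
playbook flow described above.  For each file artifact it quarantines the
reporting endpoint and detonates the file, then branches on the verdict.
The sandbox, the EDR class and the sample container are constructed
stand-ins; a real playbook would call the SOAR automation API instead."""
import copy

# Constructed verdict table standing in for the sandbox's analysis.
# 44d88612... is the MD5 of the EICAR test file.
SANDBOX_KNOWN_BAD = {"44d88612fea8a8f36de82e1278abb02f": "EICAR-Test-File"}


def sandbox_detonate(file_hash: str) -> dict:
    """Stand-in for a sandbox 'detonate file' action (assumed connector)."""
    family = SANDBOX_KNOWN_BAD.get(file_hash.lower())
    return {"verdict": "malicious" if family else "benign", "family": family}


class Edr:
    """Stand-in for an endpoint tool's 'quarantine device' action (assumed)."""

    def __init__(self, managed_hosts):
        self.managed = set(managed_hosts)
        self.quarantined = set()

    def quarantine(self, host: str) -> dict:
        if host not in self.managed:          # unmanaged host: the action fails
            return {"status": "failed", "message": "host not enrolled"}
        self.quarantined.add(host)
        return {"status": "success"}

    def release(self, host: str) -> dict:
        self.quarantined.discard(host)
        return {"status": "success"}


def collect_artifacts(container: dict) -> list:
    """Extract (file hash, host) pairs from CEF-style artifact fields.
    Splunk SOAR artifacts use CEF names such as fileHash and sourceHostName;
    artifacts missing either field are skipped rather than acted on."""
    pairs = []
    for artifact in container.get("artifacts", []):
        cef = artifact.get("cef", {})
        file_hash, host = cef.get("fileHash"), cef.get("sourceHostName")
        if file_hash and host:
            pairs.append((file_hash, host))
    return pairs


def run_playbook(container: dict, edr: Edr) -> dict:
    """Run both actions per artifact, then decide on the verdict.
    Returns the container's final severity and a per-artifact outcome list."""
    outcomes = []
    for file_hash, host in collect_artifacts(container):
        # The two actions are independent: a SOAR playbook would fan them out
        # in parallel; running them in sequence here gives the same result.
        isolation = edr.quarantine(host)
        verdict = sandbox_detonate(file_hash)
        isolated = isolation["status"] == "success"
        if verdict["verdict"] == "malicious":
            container["severity"] = "high"   # raise severity, keep isolation
            action = "escalate"              # promote to a case for an analyst
        else:
            if isolated:
                edr.release(host)            # benign: undo the precautionary isolation
            action = "release"
        outcomes.append({"host": host, "hash": file_hash, "isolated": isolated,
                         "verdict": verdict["verdict"], "action": action})
    return {"severity": container.get("severity"), "outcomes": outcomes}


# Constructed sample container shaped like a SOAR event with four artifacts.
SAMPLE_CONTAINER = {
    "name": "EDR alert: suspicious download",
    "severity": "medium",
    "artifacts": [
        {"cef": {"fileHash": "44d88612fea8a8f36de82e1278abb02f",
                 "sourceHostName": "ws-0421"}},          # malicious, managed host
        {"cef": {"fileHash": "d41d8cd98f00b204e9800998ecf8427e",
                 "sourceHostName": "ws-0199"}},          # benign (MD5 of empty file)
        {"cef": {"fileHash": "44d88612fea8a8f36de82e1278abb02f",
                 "sourceHostName": "ws-9999"}},          # malicious, unmanaged host
        {"cef": {"sourceAddress": "10.0.0.5"}},          # no file hash: skipped
    ],
}

if __name__ == "__main__":
    edr = Edr({"ws-0421", "ws-0199"})
    result = run_playbook(copy.deepcopy(SAMPLE_CONTAINER), edr)
    for outcome in result["outcomes"]:
        print(outcome)
    print("severity:", result["severity"], "still isolated:", sorted(edr.quarantined))
```

The `isolated` flag is the part worth keeping in a real playbook: an "escalate" outcome with `isolated` false means the malicious file was confirmed but the containment action did not take effect, which is exactly the case an analyst needs surfaced rather than buried in an action log.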

Apps

Apps are the integration points between Splunk SOAR and your other security technologies. Through apps, Splunk SOAR directs your other security tools to perform “actions.” Splunk SOAR's app model supports 300+ tools and 2000+ APIs, so you can connect and coordinate workflows across your team and tools. 

  • To watch a video that explains this feature, click here.
  • To search available apps, click here.

Event management

Analysts are often overwhelmed with a large volume of security events. Splunk SOAR makes event management easy by consolidating all events (from multiple sources) in one place. Analysts can sort and filter events to quickly identify high fidelity notable events and prioritize action. 

  • To watch a video that explains this feature, click here.

Case management

Integrated case management lets you promote a verified event to a case without leaving the interface, keeping access to all the tools, features and data already available there. Case management supports case tasks that map to your defined standard operating procedures (SOPs), and it gives full access to the Splunk SOAR automation engine, so you can launch actions and playbooks as part of a task. 

  • To watch a video that explains this feature, click here.

Splunk SOAR on Splunk Mobile

Security orchestration, automation and response is available from your mobile device through Splunk Mobile. Run playbooks, triage events and collaborate with colleagues on the go, and respond to events faster because you can act from wherever you are rather than only from your desk.

  • To watch a video that explains this feature, click here.