Splunk SOAR Push
Deployable
Verified
Incident Response & Ticketing
SIEM/SOAR
Overview
Real-time push connector that exports OpenCTI incidents as SOAR events and containers as SOAR cases for automated incident response.
The Splunk SOAR Push connector streams OpenCTI incidents and containers to Splunk SOAR (formerly Phantom) in real time. It automatically converts OpenCTI incidents into SOAR events and transforms OpenCTI containers (reports, groupings, cases) into SOAR cases with full entity resolution. The connector maps threat intelligence entities, observables, and indicators to SOAR artifacts, so that intelligence managed in OpenCTI is pushed directly into Splunk SOAR security orchestration, automation and response workflows.