Splunk SOAR
Detection & Response Enablement
Incident Response & Ticketing
Overview
Integrates the OpenCTI Threat Intelligence Platform with Splunk SOAR for threat intelligence management and incident response.
The OpenCTI Integration for Splunk SOAR bridges OpenCTI's threat intelligence platform with your security orchestration workflows. It enables analysts to enrich artifacts (IPs, domains, hashes, URLs), search and create STIX observables and indicators, manage threat entities (threat actors, malware, intrusion sets, campaigns, vulnerabilities), and handle cases (Incident, RFI, RFT) — all without leaving Splunk SOAR. Bulk operations and relationship creation keep your OpenCTI knowledge base in sync with active investigations.
Basic information
Filigran
Romain Guignard
Third party integrations
Orchestration (SOAR)
April 23, 2026
6.9.0