Security: Splunk SOAR

Community Office Hours
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Security: Splunk SOAR

Security: Splunk SOAR

1 Comment
Cover Images - Office Hours (27).png
Published on ‎09-16-2025 12:56 PM by Splunk Employee | Updated on ‎12-12-2025 08:43 AM

[Register Here]  This thread is for the Community Office Hours session on  Security: Splunk SOAR on Wednesday, Dec 10, 2025 at 11 am PT / 2 pm ET

 

Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics.

 

What can I ask in this AMA?

  • What’s new in the latest Splunk SOAR? Should I upgrade to this version, and what’s the easiest way to make the upgrade happen?
  • How does the Splunk Attack Analyzer integration work? And how can playbooks be implemented to automate response processes for the malware and phishing attack?
  • What are the practical ways to modernize legacy SOC workflows with Splunk Enterprise Security and build the TDIR workflow.
  • How to use Wayfinder? 
  • How to measure the value of my SOAR investment? Real-world examples of how SOAR enhancements improved efficiency, security, and ROI?
  • Anything else you’d like to learn!

 

Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). 

 

Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants.

 

Look forward to connecting!

 


Labels (2)
0 Karma
loriexi
Splunk Employee
Splunk Employee
3 weeks ago
3 weeks ago

Hi everyone! Here are a few questions from the session (get the full Q&A deck and live recording in the #office-hours Slack channel) 

Q1: What are the applications we can integrate with Splunk for SOAR? other applications integration like virus total?

A:  Splunkbase!

 

Q2:  How to manage real time incidents with Splunk SOAR?

A:  SOAR, whether used with ES or not, provides a Case Management environment with live updates, the ability to run actions/playbooks, or even have playbooks run automatically.

 

Q3.  Anything I need to consider before upgrade to the latest SOAR version?

A: 

1.No action required yet but Python migration is coming!
2.Deprecation of the Splunk Mobile App for Splunk SOAR
0 Karma