Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

SOAR Splunk Apps are Getting a Facelift

Splunk Employee
Splunk Employee

It's time for some long-overdue changes to the Splunk apps that integrate Splunk SOAR into our Splunk Cloud and Enterprise offerings. Here's a quick summary:

Screen Shot 2022-03-02 at 11.05.34 AM.png

This helps reduce confusion about what each app does and simplifies the installation and configuration process. And of course it's about time we moved on from calling things "Phantom" around here! To help remember the differences between the two apps, I find it helpful to think about it this way:

  • Splunk App for SOAR Export - exports data from Splunk to SOAR
  • Splunk App for SOAR - imports data from SOAR to Splunk

How are we going to combine those three apps into one app without making it a huge hassle? Glad you asked. If you currently have "Phantom Remote Search" installed, that app will update in-place with the name change and additional functionality from the other two apps. Users who have "Splunk Add-On for Phantom" or "Splunk App for Phantom Reporting" are encouraged to use the new Splunk App for SOAR as that will be the app receiving updates moving forward.

What do you think of these changes? If you have any questions, please leave a comment below!

— Matt Sayar, Product Manager, SOAR Apps

Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...