The FortiSOAR Splunk Add-on provides the capability to forward Splunk events, alerts and notables to FortiSOAR as a FortiSOAR™ Alert or Incident.
It can also run any FortiSOAR™ playbook on a Splunk alert or notable.
The add-on also tracks changes to the Urgency, Status and Lead of every notable forwarded to FortiSOAR™, so that Splunk Enterprise Security (ES) and FortiSOAR™ each follow the other’s status changes and update their local status accordingly.