We’re excited to announce that Splunk SOAR is now natively available as a SaaS solution on Google Cloud Platform (GCP)! Now, Security Operations Center (SOC) Analysts, Incident Response Teams, and other security professionals can seamlessly take full advantage of SOAR natively within their Google Cloud environments to orchestrate workflows, automate tasks, and respond faster.
Splunk SOAR on Google Cloud provides a centralized platform for orchestrating and automating investigation and response workflows. SOAR also integrates with Splunk Enterprise Security 8.3 on Google Cloud, enabling fully unified security operations across an organization’s Google Cloud estate as well as multi-cloud and hybrid environments.
Turning Alerts and Insights into Action
Bringing Splunk SOAR to Google Cloud enables organizations to embed security automation directly into their cloud environments—close to where data, workloads, and operations already reside. By aligning detection, investigation, and response within a cloud-native platform, teams can move from reactive response to repeatable, automated operations, strengthening security posture while improving resilience across Google Cloud and hybrid environments.
What You Can Do with Splunk SOAR on Google Cloud
SOAR on Google Cloud delivers all the native SOAR capabilities, including over 2,800 automated actions, 300+ third-party integrations, prebuilt playbooks that utilize the MITRE ATT&CK and D3FEND frameworks, as well as integration with Splunk Enterprise Security.
What’s especially powerful is how Splunk admins can use SOAR with native Google Cloud services like BigQuery, Chronicle, and Google Vault. For example:
SOAR can orchestrate response actions based on Chronicle detections—automatically enriching alerts and triggering investigation or remediation workflows, so detections translate directly into action.
When an alert is raised in Splunk Enterprise Security, SOAR can automatically probe BigQuery to enrich incidents with historical or large-scale log data, helping analysts quickly assess scope and impact without leaving their workflow.
For investigations involving user activity or data governance, SOAR can automate evidence collection through Google Vault, helping teams preserve data, support compliance, and respond faster.
Together, these integrations extend Splunk SOAR beyond traditional security tools and embed automation directly into Google Cloud services. Standardized workflows and guided playbooks help SOC teams work more efficiently and consistently, and the scale and reliability of Google Cloud allow security operations to grow with confidence as environments and alert volumes expand.
Get Started with Splunk SOAR on Google Cloud
Splunk SOAR on Google Cloud is available today through the Google Cloud Marketplace. To learn more, read the SOAR Release Notes or talk with your Splunk team.