Splunk Phantom is now Splunk SOAR

Security orchestration, automation and response for the modern SOC

Splunk SOAR Apps are now available on Splunkbase

Supercharge your security operations with Splunk SOAR security automation

Work Smarter

Automate repetitive tasks to force multiply your team’s efforts and better focus your attention on mission-critical decisions

Respond Faster

Reduce dwell times with automated investigations. Reduce response times with playbooks that execute at machine speed.

Strengthen Your Defenses

Integrate your existing security infrastructure together so that each part is actively participating in your defense strategy

Product Capabilities
Splunk SOAR combines security infrastructure orchestration, playbook automation, case management capabilities and integrated threat intelligence to streamline your team, processes and tools 

Orchestrate Security Infrastructure Using Splunk SOAR Apps

Splunk SOAR's flexible app model supports hundreds of tools and thousands of unique APIs, enabling you to connect and coordinate complex workflows across your team and tools. Powerful abstraction allows you to focus on what you want to accomplish, while the platform translates that into tool-specific actions.

Automate Security Actions Using Splunk SOAR Playbooks

Splunk SOAR enables you to work smarter by executing a series of actions — from detonating files to quarantining devices — across your security infrastructure in seconds, versus hours or more if performed manually. Codify your workflows into automated playbooks using our visual editor (no coding required) or the integrated Python development environment.

Collaborate and Respond to Security Incidents Fast

Drive efficient communications across your team with integrated collaboration tools. Use Splunk SOAR event and case management to rapidly triage events in an automated, semi-automated or manual fashion. Confirmed events can be aggregated and escalated to cases within Splunk SOAR, which enables efficient tracking and monitoring of case status and progress. Measure and report on all security operations activity to provide human oversight and auditing.

Flexible Deployment Options

Deploy SOAR in the way that best supports the needs of your organization. Splunk SOAR supports on-premises, cloud or hybrid deployments.

What can you do with Splunk SOAR?