Video Summary
This video focuses on how security orchestration is achieved within Splunk SOAR through the use of apps. These apps integrate and coordinate security functions by connecting various security tools, giving playbooks programmatic control over security actions. Over 350 apps are available, spanning a wide range of technologies; each app is essentially a Python module designed to authenticate to and interact with another service, primarily through that service's API. Custom apps can also be created to integrate proprietary in-house tools, with extensive documentation and a wizard to assist in app development. These apps allow Splunk SOAR to automate security tasks, such as querying email accounts or blocking IP addresses, and can be customised and modified as needed; around 30% of the apps are contributed by the community.
Each app in Splunk SOAR contains a set of actions, such as blocking an IP or terminating a session, with actions standardised across apps to simplify Playbook creation. These apps can be linked to specific assets, like firewalls or external services, with role-based permissions controlling access. For certain high-risk actions, such as modifying a firewall, an approval process is built in, with primary, secondary, and executive escalation paths ensuring proper authorisation. This detailed orchestration and automation process helps streamline and enhance security operations, providing a powerful tool for managing and integrating diverse security systems efficiently.
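The following is an added illustrative model of the orchestration pattern described above (standardised action names, apps bound to assets, role-based access to each asset, and a primary / secondary / executive approval chain for high-risk actions). It is constructed for this summary and is not Splunk SOAR's own SDK, data model or app code; the class names, the action vocabulary, the `escalate` timeout semantics and the demo firewall and threat-intel handlers are all assumptions.

```python
"""Constructed model of app / action / asset orchestration with role checks and
an approval escalation chain. Not Splunk SOAR's own SDK or data model."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Standardised action vocabulary shared by every app, so a playbook step such as
# "block ip" works whichever firewall app sits behind the chosen asset.
STANDARD_ACTIONS = {"block ip", "unblock ip", "terminate session", "lookup ip"}


@dataclass
class App:
    """An integration: maps standard action names to tool-specific handlers."""
    name: str
    handlers: Dict[str, Callable[[dict], dict]]


@dataclass
class Asset:
    """A configured instance of an app (one firewall, one mail server, ...)."""
    name: str
    app: App
    allowed_roles: Set[str]                                  # roles permitted to act here
    approval_actions: Set[str] = field(default_factory=set)  # high-risk actions


@dataclass
class Approval:
    action: str
    asset: str
    params: dict
    requester: str
    stage: int = 0            # index into the escalation chain
    status: str = "pending"   # pending | approved | rejected


class Orchestrator:
    def __init__(self, escalation_chain: List[str]):
        # e.g. ["primary", "secondary", "executive"]; exhausting it rejects the request
        self.chain = escalation_chain
        self.assets: Dict[str, Asset] = {}
        self.audit: List[str] = []

    def register(self, asset: Asset) -> None:
        unknown = set(asset.app.handlers) - STANDARD_ACTIONS
        if unknown:  # apps must speak the shared vocabulary to be usable in playbooks
            raise ValueError(f"{asset.app.name} uses non-standard actions {unknown}")
        self.assets[asset.name] = asset

    def act(self, action: str, asset_name: str, params: dict, user: str, roles: Set[str]) -> dict:
        asset = self.assets[asset_name]
        if action not in asset.app.handlers:
            return {"status": "unsupported"}
        if not (roles & asset.allowed_roles):          # role-based permission on the asset
            self.audit.append(f"DENY {user} {action} on {asset_name}")
            return {"status": "denied"}
        if action in asset.approval_actions:           # high-risk: hold for approval
            req = Approval(action, asset_name, params, user)
            self.audit.append(f"HOLD {user} {action} on {asset_name} -> {self.chain[0]}")
            return {"status": "pending_approval", "request": req}
        return self._execute(asset, action, params, user)

    def decide(self, req: Approval, approver: str, approve: bool) -> dict:
        if req.status != "pending":
            raise ValueError("request already decided")
        if approver != self.chain[req.stage]:          # only the current tier may decide
            raise PermissionError(f"{approver} is not the current approver")
        req.status = "approved" if approve else "rejected"
        self.audit.append(f"{req.status.upper()} {req.action} on {req.asset} by {approver}")
        if not approve:
            return {"status": "rejected"}
        return self._execute(self.assets[req.asset], req.action, req.params, req.requester)

    def escalate(self, req: Approval):
        """No response within the approval window: hand the request to the next tier."""
        if req.stage + 1 < len(self.chain):
            req.stage += 1
            self.audit.append(f"ESCALATE {req.action} on {req.asset} -> {self.chain[req.stage]}")
            return self.chain[req.stage]
        req.status = "rejected"                          # chain exhausted: fail closed
        self.audit.append(f"EXPIRE {req.action} on {req.asset}")
        return None

    def _execute(self, asset: Asset, action: str, params: dict, user: str) -> dict:
        result = asset.app.handlers[action](params)
        self.audit.append(f"RUN {user} {action} on {asset.name}: {result}")
        return {"status": "success", "result": result}


# Constructed demo handlers (stand-ins for a real firewall / threat-intel integration).
def _fw_block(p): return {"rule": f"deny {p['ip']}"}
def _fw_unblock(p): return {"rule": f"removed deny {p['ip']}"}
def _ti_lookup(p): return {"ip": p["ip"], "reputation": "unknown"}


def build_demo() -> Orchestrator:
    orch = Orchestrator(["primary", "secondary", "executive"])
    firewall = App("demo_firewall", {"block ip": _fw_block, "unblock ip": _fw_unblock})
    intel = App("demo_threat_intel", {"lookup ip": _ti_lookup})
    orch.register(Asset("edge-fw", firewall, {"admin"}, approval_actions={"block ip", "unblock ip"}))
    orch.register(Asset("ti-feed", intel, {"analyst", "admin"}))
    return orch
```

The two design points worth noting: the role check is evaluated against the asset, not the app, so the same firewall app can be exposed read-only to analysts on one asset and fully to administrators on another; and an approval chain that runs out of tiers rejects rather than executes, so an unanswered request for a firewall change never silently goes through. Every decision path writes an audit line, which is what a reviewer would want when reconstructing who authorised a blocking action.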
Other Videos in this Series
Splunk SOAR Explained - Response 101
Episode 4