Splunk SOAR Now Available on Google Cloud

2026 is well underway and Splunk is out ahead, building on the December 2025 momentum of Splunk on Google Cloud announcements. The latest milestone: Splunk Security Orchestration, Automation and Response (SOAR) is available as a SaaS service on Google Cloud.

Now, Security Operations Center (SOC) Analysts, Incident Response Teams, and other security professionals can seamlessly take full advantage of Splunk SOAR as a SaaS service within their Google Cloud environments to orchestrate workflows, automate tasks, and respond faster. Splunk SOAR on Google Cloud provides a centralized platform for orchestrating and automating investigation and response workflows. Splunk SOAR also integrates with Splunk Enterprise Security 8.3+ on Google Cloud, enabling an integrated security operations experience across an organization’s Google Cloud estate as well as multi-cloud and hybrid environments.

Turning Alerts and Insights into Action

Increasingly distributed environments and massive alert volumes strain even the most robust SOC teams. Between hybrid architectures, dispersed workforces, and endless amounts of apps and security tools, manually investigating and responding to threats is unsustainable. Security leaders need automation and orchestration as foundational capabilities to improve speed, scale, and consistency across security operations.

Bringing Splunk SOAR to Google Cloud enables organizations to embed Splunk’s security automation capabilities directly into their cloud environments—close to where data, workloads, and operations already reside. By aligning detection, investigation, and response within a cloud-native platform, teams can move from reactive response to repeatable, automated operations, strengthening security posture while improving resilience across cloud environments.

— Vineet Bhan, Director of Security and Identity Partnerships, Google Cloud

What You Can Do with Splunk SOAR on Google Cloud

Splunk SOAR on Google Cloud delivers SOAR capabilities as a SaaS service, including over 2,800 automated actions, 300+ third-party integrations, prebuilt playbooks that utilize MITRE, ATT&CK, and D3FEND frameworks, as well as integration with Splunk Enterprise Security. What’s especially powerful is how Splunk admins can use Splunk SOAR with native Google Cloud services like Google Security Operations, BigQuery, and Google Vault. For example:

• Splunk SOAR can orchestrate response actions based on Google Security Operations detections—automatically enriching alerts and triggering investigation or remediation workflows, so detections translate directly into action.

• When an alert is raised in Splunk Enterprise Security, SOAR can automatically probe BigQuery to enrich incidents with historical or large-scale log data, helping analysts quickly assess scope and impact without leaving their workflow.

• For investigations involving user activity or data governance, SOAR can automate evidence collection through Google Vault, helping teams preserve data, support compliance, and respond faster.

Together, these integrations extend Splunk SOAR beyond traditional security tools and embed automation directly into Google Cloud services. Security teams can automate incident handling and orchestrate response actions across Google Cloud and multi-cloud environments, while unifying data from cloud services and third-party tools into a clearer operational view. Standardized workflows and guided playbooks help SOC teams work more efficiently and consistently, and the scale and reliability of Google Cloud allow security operations to grow with confidence as environments and alert volumes expand.

— Brad Murphy, VP of Platform Engineering at Splunk, a Cisco company

A Growing Splunk and Google Cloud collaboration

Splunk SOAR on Google Cloud represents the latest milestone in a long-standing and expanding  partnership between Splunk and Google Cloud. SOAR adds to the existing lineup of Splunk on Google Cloud solutions including Splunk Cloud Platform, Splunk Enterprise Security, Splunk Observability Cloud, and Splunk IT Service Intelligence. Like these offerings, Splunk SOAR is available in the Google Cloud Marketplace as a seat-based license and is eligible for purchasing using Google Cloud commitments.

The partnership and commitment will be on full display at Google Cloud Next 2026 this April, where Splunk will be a sponsor, showing customers and partners how to see more, build faster, and stay ahead with Splunk on Google Cloud. Stay tuned for more about Next 2026 in the coming months.

Get Started with Splunk SOAR on Google Cloud

Splunk SOAR on Google Cloud is available today through the Google Cloud Marketplace. To learn more, read the SOAR Release Notes or talk with your Splunk team.