SECURITY

Publish Your Splunk SOAR Apps Faster

The process for our technology partners to publish their SOAR Apps to Splunkbase just got faster and simpler. App updates are now automatically pulled from our partners’ GitHub repositories into the Splunkbase library in a matter of minutes. With 350+ SOAR Apps on Splunkbase across 200+ partners, this process improvement makes Splunk easier to integrate with and more importantly, provides our customers with even faster access to up-to-date Apps. 

This is critical since security orchestration and automation is all about enabling integrations with key technologies, like putting a complex puzzle together. The puzzle pieces are integrations (“Apps”) that our SOAR customers use to build playbooks that automate their response workflows. A playbook allows Splunk SOAR to perform actions on an organization’s various third-party tools and utilities and all of these actions need to be supported by our technology partners. Apps power these actions, and when combined, create playbooks such as “endpoint alert enrichment” on the more common side and “custom hunting playbooks” on the more advanced user side. 

See it in Action

We have been working with multiple technology partners to ensure the enhanced process, well…works! It will be highlighted in a .conf22 in session titled "SEC1104C: Jump to Hyperspace-Publish Apps at Lightspeed with Open SOARce." As a preview to this session, our technology partner DomainTools put together a short video which shows them making an update to one of their Apps and publishing it for customers on Splunkbase within minutes. Check it out in the following video. 


From GitHub to Splunkbase in Minutes

As you saw in the video, we tested the process against an update to their Iris Investigate App. This App is designed to automate, “...investigative actions to profile domain names, get risk scores, and find connected domains that share the same Whois details, web hosting profiles, SSL certificates, and more.” When the DomainTools App developers needed to update the Iris Investigate App on GitHub, they simply accepted a pull request and in about 5 minutes, it was reflected on Splunkbase. For Splunk SOAR users who utilize Iris Investigate in their workflows, the updated App is immediately available. 

In the spirit of “SOAR,” we have automated the process whereby App updates are made available in Splunkbase. The speed with which Splunk SOAR users can pull in these App updates from GitHub to Splunkbase is absolutely critical. We aim to push these updates into the hands of our end users with as little manual intervention as possible. And having automated integrations between GitHub and Splunkbase is the essential connection that, before now, was missing.  

Getting Started

Moving forward, we will continue to make this process available to our SOAR technology partners so that we can see more successful case studies like the one shared above. 

There are a few ways to get started:

This article was co-authored by Dane Disimino, Sr. Product Marketing Manager for SOAR with Splunk. 

Matt Sayar
Posted by

Matt Sayar

Dinking around with his dad's castoff computer parts since he was a kid, Matt's been a computer nerd since it wasn't cool. Has lived all around the world since growing up an Army brat, but now stays put in Colorado since the internet is basically just as good. Has too many dogs and cats

Join the Discussion