Supported Cortex XSOAR versions: 6.0.0 and later.
This automation script uses the XSOAR API to get the audit logs and pushes them to Splunk HEC. Dependencies: the SplunkPy and Core REST API integrations.
Input: timeframe to fetch, in hours.
There are no outputs for this script.
Multi-tenant environments should be configured with the Cortex Rest API instance when using this automation. Make sure the Use tenant parameter (in the Cortex Rest API integration) is checked to ensure that API calls are made to the current tenant instead of the master tenant.
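The sketch below is an added example, not this automation's own code. It shows the shape of the transformation described above: keep audit entries that fall inside a timeframe given in hours and serialise them as a Splunk HEC batch body. The `modified` timestamp field, the `xsoar:audit` sourcetype and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone


def audit_window(hours, now=None):
    """Return (start, end) UTC datetimes covering the last `hours` hours."""
    now = now or datetime.now(timezone.utc)
    return now - timedelta(hours=hours), now


def to_hec_batch(audits, start, end, sourcetype="xsoar:audit"):
    """Serialise audit entries inside [start, end] as one HEC request body.

    HEC accepts several event objects in a single POST to
    /services/collector/event (header "Authorization: Splunk <token>").
    Each object carries an epoch "time" and the original record as "event".
    """
    lines = []
    for entry in audits:
        # Assumption: each entry has an ISO 8601 "modified" timestamp.
        ts = datetime.fromisoformat(entry["modified"])
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # treat naive stamps as UTC
        if not (start <= ts <= end):
            continue  # outside the requested timeframe
        lines.append(json.dumps(
            {"time": ts.timestamp(), "sourcetype": sourcetype, "event": entry},
            sort_keys=True,
        ))
    return "\n".join(lines)


# Constructed sample records (not real audit data).
SAMPLE_AUDITS = [
    {"modified": "2024-05-01T11:30:00+00:00", "user": "admin", "action": "login"},
    {"modified": "2024-05-01T02:00:00+00:00", "user": "analyst", "action": "edit"},
]
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    start, end = audit_window(6, now=SAMPLE_NOW)
    print(to_hec_batch(SAMPLE_AUDITS, start, end))
```

Using the event's own timestamp for the HEC `time` field keeps Splunk searches aligned with when the audited action happened rather than when it was forwarded.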