This Script is part of the Forward XSOAR Audit Logs to Splunk HEC Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This automation script uses the XSOAR API to get the audit logs and pushes them to Splunk HEC. Dependencies: the SplunkPy and Core REST API integrations.

Script Data

Script Type: python3

| Argument Name | Description |
| --- | --- |
| timeframe | Timeframe to fetch, in hours |


There are no outputs for this script.


Multi-tenant environments should be configured with the Cortex Rest API instance when using this automation. Make sure the Use tenant parameter (in the Cortex Rest API integration) is checked to ensure that API calls are made to the current tenant instead of the master tenant.
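
How the `timeframe` window and a Splunk HEC event batch fit together, as an added sketch that is not the pack's own code. The audit field names and sample entries are constructed assumptions, and fetching from XSOAR and sending to Splunk are left out so it runs offline.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample audit entries; the field names are assumptions for
# illustration, not the real XSOAR audit schema.
SAMPLE_AUDITS = [
    {"user": "admin", "type": "login", "modified": "2024-05-01T11:30:00Z"},
    {"user": "analyst1", "type": "playbook.update", "modified": "2024-05-01T09:15:00Z"},
    {"user": "admin", "type": "apikey.create", "modified": "2024-04-30T08:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def select_window(audits, timeframe_hours, now):
    """Keep entries modified within the last `timeframe_hours` hours before `now`."""
    start = now - timedelta(hours=timeframe_hours)
    return [a for a in audits if start <= parse_ts(a["modified"]) <= now]


def to_hec_batch(audits, source="xsoar", sourcetype="_json"):
    """Serialize entries as HEC event envelopes, one JSON object per line.

    The HEC event endpoint accepts several event objects in one request body.
    `source` is a hypothetical label chosen for this example.
    """
    lines = []
    for entry in audits:
        envelope = {
            # Use the audit entry's own time so the Splunk timeline reflects
            # when the action happened, not when it was forwarded.
            "time": parse_ts(entry["modified"]).timestamp(),
            "source": source,
            "sourcetype": sourcetype,
            "event": entry,
        }
        lines.append(json.dumps(envelope, sort_keys=True))
    return "\n".join(lines)


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    print(to_hec_batch(select_window(SAMPLE_AUDITS, 3, now)))
```

Runs that overlap in time will forward the same entries twice, so align the schedule interval with `timeframe` or deduplicate on the Splunk side.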