Skip to main content

Splunk Prerelease

Run queries on Splunk servers - pre release version.

When a query or alert triggers a notable event (incident) in Splunk, the notable is stored in an index (table). An XSOAR analyst can fetch the notable event and its context data all from within the XSOAR console.

What does this pack do?

This pack is a pre-release version of the SplunkPy pack.
It is meant to release updates for customers to test, before those updates become a part of the official integration.
Currently (July 2021), please only use this integration to fetch incidents.

Using the SplunkPy integration, you can fetch the Splunk notable events. The notable events contain details such as:

  • The name of the alert that was triggered.
  • The objects that make up the alert, such as the IP address, hashes, user names, etc.

Besides fetching notable events, the SplunkPy integration enables you to run drill down searches to retrieve additional data from other tables in Splunk such as:

  • Data about the users (department, role, geographical location)
  • Data about the assets (hostname, IP address, geographical location, department, etc.)

In addition, the integration enables mirroring from Splunk to XSOAR, from XSOAR to Splunk, and from/to XSOAR and Splunk.


Cortex XSOAR


CertificationRead more
Supported ByCortex XSOAR
CreatedJuly 20, 2021
Last ReleaseAugust 2, 2022

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.