Details

Note: This integration requires specific Splunk Cloud configuration details. Ensure that you follow the instructions carefully in the Integration Guide area below.

The Splunk Cloud Platform lets you investigate, monitor, analyze and act on your data with unprecedented insight, all from the cloud. Splunk experts manage your IT backend so you can focus on acting on your data, while the platform scales to your analytics needs. Make the most of all your data while maintaining privacy and compliance standards with our industry-certified platform.

The Splunk Cloud integration enables three outcomes:

  • A Splunk Cloud target in Cisco XDR Automation for automated workflows.
  • (Optional) In XDR Investigate, queries for observables such as IP addresses, hostnames, file names, file paths, MD5 hashes, and SHA-256 hashes across CIM-compliant Network Traffic, Malware, Data Loss Prevention, and Intrusion Detection security detections. This requires installing and configuring Splunk's Common Information Model add-on.
  • (Optional) Export of incident and other data from Cisco XDR Automation to Splunk Cloud. This requires an HTTP Event Collector token to be configured.

Note: A Splunk add-on is available for the Cisco Security Cloud (CSC). Installing this add-on provides enhanced integration with Cisco XDR; see Splunkbase for more information. Enabling it allows easy synchronization of Cisco XDR incident data with Splunk and adds an XDR dashboard to the Splunk UI. All other integration capabilities listed above require the integration described below, not the Splunk CSC add-on.

Capabilities

  • Automation: automatic target creation for Cisco XDR Automation.
  • Health: validates that the integration is healthy.
  • Observe: provides sightings for an observable.

Regions

  • North America
  • Europe
  • Asia-Pacific, Japan & China

Installable workflows

These are workflows that you can install in Cisco XDR Automation and use with this integration. They are different from built-in workflows, which are part of Cisco XDR by default for all customers.

  • Community: This workflow enhances security management by automating the identification and management of network security events using Splunk and Cisco XDR.
  • Cisco Managed: This incident response workflow exports a summary of an XDR incident to a Splunk Cloud index from a playbook or via an automation rule.
  • Community: This workflow runs a search query for an observable in Splunk Cloud via the pivot menu.

Built-in workflows

These workflows are built into Cisco XDR Automation and can be used with this integration. They are different from installable workflows, which are optional workflows you can install from Cisco and its partners.

Built-in actions

These actions can be used in Cisco XDR Automation to build workflows for this product. Workflows can help you automate how you investigate, respond to incidents, and more.

Configuration details