Splunk Cloud Integration

The Splunk Cloud Platform lets you investigate, monitor, analyze and act on your data with unprecedented insight, all from the cloud. Splunk experts manage your IT backend so you can focus on acting on your data, while the platform scales to your analytics needs. Make the most of all your data while maintaining privacy and compliance standards with our industry-certified platform.

When you configure the Splunk Cloud integration, a target will become available in XDR automation for automated workflows. If you configure an HTTP Event Collector Token, you can use XDR Automation to export incident data to Splunk Cloud (this is optional).

Note: A Splunk addon is available for the Cisco Security Cloud. Installing this addon provides enhanced integration with Cisco XDR. See Splunkbase for more information. Enabling the Splunk addon will allow for synchronization of incident data with Cisco XDR, however, enabling this integration in XDR is still required to use Splunk-related workflows in XDR Automation.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Cisco tab and navigate to the Splunk Cloud integration.

  3. Click Get Started. The Splunk Cloud integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Splunk Cloud integration in Cisco XDR.

You can perform the following tasks after you integrate Splunk Cloud with Cisco XDR:

  • Automation Workflows - The Splunk Cloud target is automatically created for out-of-box and custom workflows. See Targets Created From Integrations.

  • Playbooks - An Automation system workflow included in the Cisco Managed Incident Playbook can be used to close and export an incident. See Recovery Tasks and Workflows on the Response page.

  • Exchange - A workflow from Exchange can be used to send an incident to Splunk Cloud. See Exchange.

  • Atomic Actions - The atomic actions that search and retrieve in Splunk Cloud can be used as building blocks in workflows for threat hunting. See Atomic Actions.