Splunk Cloud Integration

The Splunk Cloud platform lets you investigate, monitor, analyze and act on your data with unprecedented insight, all from the cloud. Splunk experts manage your IT backend so you can focus on acting on your data, while the platform scales to your analytics needs. Make the most of all your data while maintaining privacy and compliance standards with our industry-certified platform.

The Splunk Cloud integration enables three outcomes:

  • A Splunk Cloud target in Cisco XDR Automation for automated workflows.

  • (Optional) In XDR Investigate, querying of security detections across Network Traffic, Malware, Data Loss Prevention, and Intrusion Detection CIM-compliant data for observables such as IP addresses, hostnames, file names, file paths, MD5 hashes, and SHA-256 hashes. Requires adding and configuring Splunk's Common Information Model addon.

  • (Optional) Cisco XDR Automation support to export incident and other data to Splunk Cloud. This requires configuration of an HTTP Event Collector Token.

Note: A Splunk addon is available for the Cisco Security Cloud (CSC). Installing this addon provides enhanced integration with Cisco XDR. See Splunkbase for more information. Enabling the Splunk addon will allow for easy synchronization of Cisco XDR incident data with Splunk, and an XDR dashboard in the Splunk UI. All other integration capabilities mentioned above require the integration described below, not the Splunk CSC addon.