Lift Your Spirits With Splunk SOAR

Halloween is just around the corner and we’re looking forward to trick-or-treating, donning our best costumes, and watching [scary] movies. A few of my favorite movies that I watch around Halloween time remind me of our most recent Splunk SOAR updates. Is that a stretch? Possibly. But hey, it’s Halloween, so let’s have some fun, and I’ll try to make it as humerus as possible 💀

“SOAR With The Cloud In The Dead Of Night”

In A Nightmare Before Christmas (1993), Jack Skellington is bored of doing the same things every year for Halloween when he discovers and obsesses over a magical holiday he’s never heard of before: Christmas. Jack eventually realizes he doesn’t need to choose Christmas over Halloween and that the two can coexist harmoniously.

Don’t have a Jack Skellington moment, where you feel stuck doing things one way because there are no other options. Splunk SOAR was previously an on-premises-only offering for customers, but it is now available in the cloud. You now have the flexibility and freedom to choose how you deploy SOAR and streamline your operations: from the cloud, on-premises or hybrid.

“We Did Some Coding For You, And Now You’re Fine”

In Hocus Pocus (1993), 17th century Salem witches — the Sanderson sisters — are inadvertently resurrected by a teenager named Max on Halloween night. Shenanigans ensue as the sisters try to retrieve their spellbook from Max and his crew whilst trying to navigate the 20th century.

If only the Sanderson sisters had a way to codify their spellbook so they wouldn’t have to worry about a bunch of teenagers ruining their plans to live forever. Thankfully, there’s a way to at least codify your security operations workflows using playbooks from Splunk SOAR.

With the new Visual Playbook Editor, you can create playbooks and scale automation using a simplified interface that makes automating security tasks easier and faster than ever, featuring:

“Edit Edit, Little App, SOAR UI Is Where It’s At”

In Death Becomes Her (1992), rivals Madeline and Helen fight for the affections of Ernest (a plastic surgeon turned mortician) and desperately drink a magic potion that promises eternal life and everlasting youth, just as long as they take care of themselves (i.e. not die a gruesome death). Not following that one simple rule, the women realize that they need Ernest’s skills in order to keep up with appearances — literally.

Madeline and Helen could’ve had an easier time with the upkeep and maintenance of their appearances if everything they needed to look youthful was located in one place. While it may not keep you youthful, the improvements to our SOAR app community and development will keep you in one place when searching for and building apps in Splunk SOAR.

First, Splunk SOAR apps are now available on Splunkbase. Search for SOAR apps amongst our extensive ecosystem of partner and community-built technical integrations across the Splunk portfolio, providing you with a one-stop shop to extend the power of SOAR.

Second, the new App Editor makes it easy to view, test, extend, and edit existing apps — and create entirely new apps — all from the SOAR user interface, featuring:

Register for our webinar, Automation for the Modern SOC: Splunk SOAR’s New App Editor, to see this in action.

Get Started And Reach Your SOAR Ghouls (Goals) 👻

Need a little more information before you get SOAR-ing?

Fangs for sticking with me 🧛

Happy Halloween and Happy Splunking!

Alexa

----------------------------------------------------
Thanks!
Alexa Araneta
