IntSights App for Splunk SOAR (Phantom)

The IntSights Splunk App for Splunk SOAR is an integration between Rapid7 Threat Command (Threat Command) and the following Splunk products:

  • Splunk SOAR on-prem
  • Splunk SOAR Cloud

The integration enables Splunk users to import IOCs, alerts, and vulnerabilities (CVEs) from Threat Command and to correlate them in the Splunk environment. Imported values are automatically updated in Splunk, enabling a single-pane-of-glass view.

This section describes how to install and configure the IntSights Splunk App for Splunk SOAR.

This section assumes familiarity with both the Splunk SOAR platform and Rapid7 Threat Command.