SIR integration with Splunk SOAR

ayanghayas · ‎08-25-2023

Hello
I'm looking to do a custom integration with Splunk SOAR, as there is NO available add-on for SIR integration with Splunk SOAR.

Can anyone tell if doing a custom bi-directly integration between SIR and Splunk SOAR requires any special license entitlements? Will a standard IRM license be suffice or additional entitlements are required?

Kireetivvs · ‎08-27-2023

Hello,
Here are the available integrations of SIR with Splunk:

Splunk ES Integration for Security Operations
Splunk Enterprise Event Ingestion for Security Operations

and if you are looking for Splunk add-on's with SIR here are some: Link

ayanghayas · ‎08-28-2023

Thanks Kireet3 for sharing the links. There currently is NO add-on for Splunk SOAR. That indicates that it will require a custom integration. Can you guide me on any pre-requisite for creating the custom bi-directional integration between Splunk SOAR and SIR.
1) Does it require having an integration hub subscription?
2) Will any higher SerivceNow SIR license be required or SIR Standard will be sufficient?

Jess · ‎10-23-2024

Hi,

I know this was a while ago, but was wondering if you managed to do a bi-directional integration? I've been asked to do it on a project and am trying to find out more information.