https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/integrating-splunk-with-xsoar/m-p/534979#M1911 <P>My understanding is that Splunk Cloud is the base installation (SaaS version) and Enterprise Security is an app that sits on top of the base installation.</P> <P>&nbsp;</P> <P>The Splunk integration is by default configured to fetch "notable" events which are a kind of event that is defined by the ES app, but the actual API that does the query used for fetching is a feature of the base Splunk and not ES.</P> <P>&nbsp;</P> <P>The Splunk integration has a lot of additional features (KV lookups, Mirroring, enrichment) that you can find described here:&nbsp;<A href="https://xsoar.pan.dev/docs/reference/integrations/splunk-py#splunk-enterprise-security-users" target="_blank">https://xsoar.pan.dev/docs/reference/integrations/splunk-py#splunk-enterprise-security-users</A>&nbsp;but for basic incident fetching all you need is the ability to execute queries against your Splunk cloud.</P> Mon, 20 Mar 2023 00:27:26 GMT chrking 2023-03-20T00:27:26Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/integrating-splunk-with-xsoar/m-p/534831#M1903 <P>Hi,</P> <P>&nbsp;</P> <P>Can someone help me with the below queries?</P> <P>We are in process of integrating splunk with XSOAR.<BR />It’s a cloud service and can be accessed via SplunkCloud and SplunkEnterpriseSecuritySuite.</P> <P>&nbsp;</P> <P>It should be integrated via SplunkCloud or SplunkEnterpriseSecuritySuite?<BR />What changes/configuration is needed at Splunk end to enable the integration.<BR /><BR />Thanks in advance</P> <P><LI-WRAPPER></LI-WRAPPER></P> Fri, 17 Mar 2023 10:34:47 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/integrating-splunk-with-xsoar/m-p/534831#M1903 DP696 2023-03-17T10:34:47Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/integrating-splunk-with-xsoar/m-p/534979#M1911 <P>My understanding is that Splunk Cloud is the base installation (SaaS version) and Enterprise Security is an app that sits on top of the base installation.</P> <P>&nbsp;</P> <P>The Splunk integration is by default configured to fetch "notable" events which are a kind of event that is defined by the ES app, but the actual API that does the query used for fetching is a feature of the base Splunk and not ES.</P> <P>&nbsp;</P> <P>The Splunk integration has a lot of additional features (KV lookups, Mirroring, enrichment) that you can find described here:&nbsp;<A href="https://xsoar.pan.dev/docs/reference/integrations/splunk-py#splunk-enterprise-security-users" target="_blank">https://xsoar.pan.dev/docs/reference/integrations/splunk-py#splunk-enterprise-security-users</A>&nbsp;but for basic incident fetching all you need is the ability to execute queries against your Splunk cloud.</P> Mon, 20 Mar 2023 00:27:26 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/integrating-splunk-with-xsoar/m-p/534979#M1911 chrking 2023-03-20T00:27:26Z