This automation script uses the XSOAR API to get the audit logs and pushes them to Splunk HEC. Dependencies: SplunkPy and Core REST API integrations.
Forward XSOAR Audit Logs to Splunk HEC
This automation script takes a timeframe as input, fetches the audit logs for the defined period, and then pushes them to Splunk HEC.
Automations
| Name | Description |
|---|---|
| ForwardAuditLogsToSplunkHEC | This automation script uses the XSOAR API to get the audit logs and pushes them to Splunk HEC. Dependencies: SplunkPy and Core REST API integrations. |
Required Content Packs (3)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
| Splunk | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|---|
All level dependencies (12)
| Pack Name | Pack By |
|---|---|
| Asset | By: Cortex XSOAR |
| Splunk | By: Cortex XSOAR |
| Malware Core | By: Cortex XSOAR |
| Access Investigation | By: Cortex XSOAR |
| Common Types | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
| Rasterize | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
| Common Playbooks | By: Cortex XSOAR |
| Filters And Transformers | By: Cortex XSOAR |
| Identity | By: Cortex XSOAR |
PLATFORMS
Cortex XSOAR, Cortex XSIAM
INFO
| Supported By | Community |
| Created | October 13, 2021 |
| Last Release | October 29, 2025 |


