About the Content Pack for SOAR System Logs

Note: The Content Pack for SOAR System Logs is a replacement for the Content Pack for Monitoring Phantom as a Service.

The Content Pack for SOAR System Logs provides an IT Service Intelligence (ITSI)-based approach to monitoring the health of your SOAR server environment. SOAR (Security Orchestration, Automation, and Response) is a platform designed to help reduce the scale of your security operations. With SOAR, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting.

This content pack contains specific Key Performance Indicators (KPIs) for monitoring SOAR metrics. Because each SOAR deployment includes an embedded copy of Splunk Enterprise with dedicated functionality tied to SOAR, a Splunk universal forwarder installed on the SOAR servers takes care of monitoring the environment.

Content pack contents

The Content Pack for SOAR System Logs contains preconfigured ITSI objects, including services and KPIs, that you can tune for your specific needs. This content pack contains the following objects:

Two services:

  • Splunk App for SOAR - OS Metrics
  • Splunk App for SOAR - System Health

Two deep dives:

  • Splunk App for SOAR - OS Metrics
  • Splunk App for SOAR - System Health

ITSI support

The Content Pack for SOAR System Logs is only supported in ITSI. It is not supported for Splunk IT Essentials Work.

Deployment requirements

Use the following table to determine ITSI version compatibility.

Splunk App for Content Packs version | ITSI version     | SOAR Content Pack version | Splunk App for SOAR version
1.8.0                                | 4.11.4 or higher | 1.0.0 or higher           | 1.0.0 or higher