Automation & SOAR • Room 3

SOAR Playbooks

Splunk SOAR (Security Orchestration, Automation, and Response) executes Python-based playbooks that automate response steps across dozens of integrated security tools.

A playbook can automatically extract a URL from a notable event, submit it to VirusTotal for a reputation verdict, and, if the verdict is malicious, block it on a Palo Alto firewall. The whole chain takes less than 2 seconds.

Knowledge Check

Match each playbook step to the stage it belongs to.

Steps:
Extracts IP address from SPL payload
Queries external Threat Intel (VirusTotal)
If Malicious = True, execute block
Issues API call to firewall to drop IP

Stages:
Data Parsing
Enrichment
Decision Logic
Response Action