Splunk SOAR + TruSTAR

Accelerate phishing response through priority scoring


Splunk SOAR playbooks become even more powerful with the addition of TruSTAR Intelligence Management

Automatically analyze and respond to phishing attacks

TruSTAR for Splunk SOAR ingests user-reported suspicious emails, extracts observables, and enriches them with open source and commercial intelligence feeds and with internal historical data. TruSTAR then calculates a normalized score for each Indicator and applies a priority score to each email for automated response.


Enrich Playbooks & Operationalize Investigations

How It Works


Integration Capabilities

Accelerate automation by setting up playbooks that utilize the context of TruSTAR’s Intelligence Reports and Indicators

Normalize Intelligence

Obtain prepared and normalized intelligence for faster triage and more streamlined playbooks

Inform Playbooks

Use Indicator normalized scores, attributes and properties aggregated by TruSTAR in Splunk SOAR playbooks

Utilize Whitelists

Send observables from Splunk SOAR to TruSTAR Whitelists to automatically remove them from your SIEM

SOAR Playbooks
Simplify Playbook Enrichment


By managing all of your intelligence sources and preparing your data in a single platform, TruSTAR increases the fidelity and usability of Splunk SOAR automated playbooks. The comparison of Figure A and Figure B shows how Splunk SOAR playbooks can be streamlined with TruSTAR by providing a single unified API for enrichment based on normalized intelligence.

Operationalize investigation results in SIEM tools


By sending Splunk SOAR investigations to your TruSTAR Enclave, TruSTAR’s SIEM integrations will automatically add malicious observables to detection sets and remove whitelisted observables from detection sets.

Enrich notable events