---
title: "Splunk SOAR Integration"
slug: "splunk-soar"
description: "Silent Push has a Splunk SOAR app that allows users to utilize Silent Push data within Splunk workflows."
tags: ["Integration", "Plug-ins", "SOAR", "splunk"]
updated: 2026-01-08T17:51:12Z
published: 2026-01-08T17:51:12Z
---

# Splunk SOAR Integration

The Silent Push Splunk security orchestration, automation, and response (SOAR) connector integrates Silent Push’s threat intelligence into Splunk SOAR, enhancing customers’ SOAR workflows. This connector acts as a bridge between Splunk SOAR and Silent Push, allowing users to leverage actionable threat intelligence for proactive threat detection, analysis, and response.

## Key Features

The Silent Push Splunk SOAR connector provides access to the following data types:

- **Domain and IP information**: Includes risk scores, live WHOIS data, and certificate details to assess the security posture of domains and IPs.
- **Reputation data**: Provides insights into the trustworthiness of ASNs, nameservers, and subnets.
- **Enrichment data**: Offers comprehensive details for domains, IPv4, and IPv6 addresses, including DGA probability, Alexa rank, registration details, and security flags.
- **Passive DNS (PADNS) data**: Enables access to passive DNS records, enriched metrics like IP diversity, and support for forward/reverse PADNS lookups and density lookups.
- **Infratag details**: Delivers infrastructure tag information, with optional clustering, to analyze domain-related connections.
- **Indicators of Future Attack (IOFA) Feeds**: Supplies feeds for proactive threat detection and attack prevention.
- **URL scanning**: Supports live URL scans to retrieve metadata and capture screenshots for threat analysis.
- **Scan data**: Allows querying Silent Push's scan data repositories using SPQL syntax.

## Benefits

The Silent Push Splunk SOAR integration delivers the following advantages:

- Directly integrates Silent Push's threat intelligence into Splunk SOAR workflows.
- Streamlines analysis by automatically enriching domains, IPs, and other indicators with risk scores and contextual data.
- Accelerates decision-making with enriched threat intelligence, enabling faster and more effective responses.
- Provides real-time URL metadata and screenshots to support threat investigations.
- Leverages IOFA feeds to identify and prevent potential attacks before they occur.
- Ensures compatibility with diverse security tools and workflows.

## Requirements

To use the Splunk SOAR connector, you will need:

- **Silent Push API Key**: A valid API key from a Silent Push account is required to authenticate the connector.
- **Splunk SOAR environment**: Users need access to Splunk SOAR to install the connector.
- **Splunk SOAR version**: The minimum product version supported is 6.2.0.

For more information about the Splunk SOAR integration, such as how to install it in the Splunk app, go to [Splunk Splunkbase](https://splunkbase.splunk.com/app/7380).
