This tutorial shows you how to design a use case based on the incident lifecycle using Splunk, from ingesting to closing security events.
The incident lifecycle is intended for Cortex XSOAR (SOC) engineers or architects. The aim is to automate as much of the process as possible and leave the analyst to make accurate and confident decisions when needed.
By the end of this tutorial, you will have configured your Splunk integration, set up a basic flow, and started ingesting incidents from Splunk to Cortex XSOAR. The analyst can then start investigating an incident.
This tutorial includes the following topics.
Incident Lifecycle
Architect Flow
Analyst Flow
Prerequisites
Set up Your Splunk Integration Instance
Run a Playbook
Analyze Data