The Splunk SOAR Push connector enables real-time streaming of OpenCTI incidents and containers to Splunk SOAR (formerly Phantom). It automatically pushes and converts OpenCTI incidents into SOAR events, and transforms OpenCTI containers (reports, groupings, cases) into SOAR cases with full entity resolution. The connector maps threat intelligence entities, observables, and indicators to SOAR artifacts, enabling seamless push integration from OpenCTI threat intelligence management to Splunk SOAR security orchestration, automation and response workflows.
