This is a sample app built with the Splunk SOAR SDK.
To learn more about the SDK, check out our presentation at .conf25!
- Mac or Linux development machine
- uv with Python 3.9 and 3.13 installed
Visual Studio Code is recommended, to take full advantage of the Run and Debug Configurations we've provided. However, any editor or IDE will work.
Installing the SOAR CLI globally is also helpful: uv tool install splunk-soar-sdk.
- Clone the repo and open it in your editor.
- Install dependencies:
  uv sync
- Copy test_asset.example.json to test_asset.json and fill in your CrowdStrike API credentials.
- Activate the virtual environment:
  source .venv/bin/activate
python src/app.py action <action_name> -a <asset_filename> -p <parameter_filename>
We've added run configurations to make this easier in Visual Studio Code. Simply use the Run and Debug panel to run an action.
soarapps package build
You can install this package on any version of Splunk SOAR, 6.2.2 or later.
- src/app.py: Entry point of the app, contains all the app metadata, as well as each action.
- src/params.py: Data structures for the inputs of each action.
- src/outputs.py: Data structures for the outputs of each action.
- test_params/: Pre-filled parameters for testing actions from the CLI or VS Code.
- .vscode/launch.json: VS Code launch configs for each action.