Skip to main content
Question

SecOps Alerts Forwarding to Splunk

  • April 2, 2026
  • 3 replies
  • 13 views
lifeofmorpheus
Forum|alt.badge.img

Hi,

I am relatively new to Google SecOps/SOAR.  

 

The use case is to integrate SecOps SIEM with Splunk to enable the ability to have alerts triggered in SecOps to be forwarded to Splunk ( currently being used by the SOC ).  Basically, as part of the operations migration, the requirement is to have the SOC receiving the alerts as the log sources continue to be migrated to Google SecOps.

I have had a look at the Splunk App under Response Integration ( Splunk Integration ) but based on my understanding, it looks to support curating or forwarding alerts from Splunk towards Google SecOps - instead of the other way round.

 

Please, anyone have an idea on how this use case can be achieved?

3 replies

cmorris
Staff
Forum|alt.badge.img+11
  • cmorris
  • Staff
  • April 2, 2026

You are correct, the Splunk integration is for ingesting alerts from Splunk into SecOps SOAR. For your use case have you checked the Chronicle app for Splunk - https://splunkbase.splunk.com/app/5959?

lifeofmorpheus
Forum|alt.badge.img

You are correct, the Splunk integration is for ingesting alerts from Splunk into SecOps SOAR. For your use case have you checked the Chronicle app for Splunk - https://splunkbase.splunk.com/app/5959?

thank you.  Unfortunately, that solution is Splunk SOAR actions for SecOps.

Not particularly the solution for this use case.

cmorris
Staff
Forum|alt.badge.img+11
  • cmorris
  • Staff
  • April 2, 2026

I would take a look at creating a playbook (or adding to an existing playbook) that takes your SecOps alerts and uses the HTTP v2 integration to push the alert to Splunk via a Splunk HTTP Event Collector.

    Terms & ConditionsCookie settingsAccessibility statement
    Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

    © 2025 Google. All rights reserved.