Provides Splunk SOAR integration for the NCSA BHR API to null-route traffic from malicious domains.
Adds a playbook action called 'block' to Splunk SOAR playbooks.
Depends on Python BHR Client.
This product is supported by Cybersecurity on a best-effort basis.
As of the last update to this README, the expected End-of-Life and End-of-Support dates of this product are October 2025.
End-of-Life was decided upon based on these dependencies:
- Python 3.9 (31 October 2025)
- Splunk SOAR Cloud (Unknown)
Set the environment variables SOAR_TOKEN and SOAR_URL, then run make deploy.
Alternately, fork the repository and add the token as CICD_GITHUB_AUTOMATION and the URL as SOAR_URL to use GitHub Actions for automated deployment.
Create an API access token in your instance of BHR Site.
Deploy this app to your Splunk SOAR instance.
After deployment, find the app in Unconfigured Apps, hit Configure App, and set the necessary Environment Variables under Advanced.
This app requires the same two environment variables as BHR Client:
- BHR_HOST
- BHR_TOKEN