https://github.com/techservicesillinois/secops-splunk-null-router
null router app for Splunk SOAR
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/techservicesillinois/secops-splunk-null-router
- Owner: techservicesillinois
- License: other
- Created: 2022-04-21T16:34:03.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2026-03-03T20:21:32.000Z (3 months ago)
- Last Synced: 2026-03-03T20:47:44.587Z (3 months ago)
- Language: Python
- Size: 145 KB
- Stars: 3
- Watchers: 8
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
README
# About
Provides Splunk SOAR integration for the [NCSA BHR API][3] to null-route traffic from malicious domains.
Adds a playbook action called 'block' to Splunk SOAR playbooks.
Depends on [Python BHR Client][4].
[3]: https://github.com/ncsa/bhr-site
[4]: https://github.com/ncsa/bhr-client
## Support
This product is supported by Cybersecurity on a best-effort basis.
As of the last update to this README, the expected End-of-Life and End-of-Support dates of this product are October 2025.
End-of-Life was decided upon based on these dependencies:
- Python 3.9 (31 October 2025)
- Splunk SOAR Cloud (Unknown)
## Manual Deployment
Set the environment variables `SOAR_TOKEN` and `SOAR_URL`, then run `make deploy`.
## Automated Deployment
Alternatively, fork the repository and add the token as `CICD_GITHUB_AUTOMATION` and the URL as `SOAR_URL` to use GitHub Actions for automated deployment.
## Configuring in SOAR
1. Create an API access token in your instance of [BHR Site][3].
2. [Deploy this app](#manual-deployment) to your Splunk SOAR instance.
3. After deployment, find the app in `Unconfigured Apps`, hit `Configure App`, and set the necessary `Environment Variables` under `Advanced`.
This app requires the same two environment variables as [BHR Client][4]:
- Add the full URL to your BHR server as `BHR_HOST`.
- Add the access token you created to `BHR_TOKEN`.
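A preflight check for the two variables above, as an added example that is not part of this project or of BHR Client. The function name `check_bhr_env` and the sample values in its docstring are hypothetical; it only inspects the strings and makes no network calls.

```python
"""Preflight check for the BHR_HOST / BHR_TOKEN pair (added example)."""
import os
from urllib.parse import urlsplit


def check_bhr_env(env):
    """Return a list of problems with BHR_HOST and BHR_TOKEN; empty means OK.

    Constructed sample input:
        {"BHR_HOST": "https://bhr.example.edu", "BHR_TOKEN": "constructedtoken"}
    """
    problems = []
    host = env.get("BHR_HOST", "")
    token = env.get("BHR_TOKEN", "")

    if not host:
        problems.append("BHR_HOST is not set")
    else:
        url = urlsplit(host)
        if url.scheme not in ("http", "https") or not url.hostname:
            # The README asks for the full URL, not a bare hostname.
            problems.append("BHR_HOST must be a full URL including the scheme")
        elif url.scheme == "http":
            # An API token sent to a plain-http endpoint is readable in transit.
            problems.append("BHR_HOST uses http; the token would be sent unencrypted")
        if url.username or url.password:
            # Credentials in the URL tend to leak into logs and app config dumps.
            problems.append("BHR_HOST must not embed credentials")

    if not token:
        problems.append("BHR_TOKEN is not set")
    elif any(c.isspace() for c in token):
        # Typical copy/paste damage: trailing newline or a space inside the value.
        problems.append("BHR_TOKEN contains whitespace")
    return problems


if __name__ == "__main__":
    # Run with the same environment the app will see.
    for problem in check_bhr_env(os.environ):
        print("config problem:", problem)
```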