Skip to main content
Splunk® SOAR (On-premises)

Get Started with the Splunk Mobile App for Splunk SOAR (On-premises)

Splunk® SOAR (On-premises)
5.3.1
As of version 6.4.0, the visual editor for classic playbooks is no longer part of Splunk SOAR. Before upgrading, convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

About the Splunk Mobile App for Splunk SOAR (On-premises)

The Splunk Mobile App now is available for Splunk SOAR (On-premises). You don't have to be in front of a laptop or desktop to take action during an urgent incident. You can use the Splunk Mobile App to view and respond to notifications, view dashboards, view event details, or run a playbook.

To get started with the Splunk Mobile App, perform the following administration and user tasks.

The Splunk Mobile app for Splunk SOAR (On-premises) only works with iOS devices, and does not support multi-tenancy.

Administration tasks

Perform the following administration tasks before using the Splunk Mobile App for Splunk SOAR (On-premises):

  1. Open the required ports. See Ports for connecting mobile devices to Splunk SOAR (On-premises) using Splunk Connected Experience apps in Install and Upgrade Splunk SOAR (On-premises).
  2. Enable the Mobile App registration feature. See Enable or disable registered mobile devices in Administer Splunk SOAR (On-premises).
  3. Check the status of ProxyD. See View the health of your Splunk SOAR (On-premises) system in Administer Splunk SOAR (On-premises).

User tasks

To use the app, you must be a registered user in the Splunk SOAR (On-premises) platform. Contact your Splunk SOAR (On-premises) admin about adding new users.

Perform the following tasks after an admin has completed the administration tasks:

  1. Install the app and register your mobile device. See Mobile device registration in Use Splunk SOAR (On-premises).
  2. Use the Splunk Mobile App. See Using the Splunk Mobile App for Splunk SOAR (On-premises) in Use Splunk SOAR (On-premises).

Limitations

You can't use the Splunk Mobile App with two-factor authentication. If you're using two-factor authentication, you see the following error in the WSGI log file: "phantom_ui.ui.shared.HttpError: This user requires two factor authentication. Access to REST API is denied."

Last modified on 31 January, 2025
 

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters