Splunk® App for Edge Hub and Augmented Reality

Splunk AR: Install and Use Splunk App for Edge Hub and Splunk AR

Acrobat logo Download manual as PDF


The Splunk App for AR is a required companion app for the Splunk AR mobile app. To learn more, see About the Splunk App for AR.
This documentation does not apply to the most recent version of Splunk® App for Edge Hub and Augmented Reality. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Workflow Automation Security

Mobile devices securely communicate with Splunk SOAR instances through Spacebridge and Splunk Secure Gateway. After an administrator configures Splunk SOAR in Splunk Secure Gateway, users can authenticate their devices. After device authentication, devices communicate with Splunk SOAR through Spacebridge.

To learn more about Spacebridge, see About the Splunk Secure Gateway security process.

Workflow Automation device authentication

Spacebridge is an end-to-end encrypted intermediary component between the mobile device, your Splunk platform instance, and Splunk SOAR. By using Spacebridge and Splunk Secure Gateway, mobile devices never directly connect to your Splunk SOAR instance.

Because your Splunk platform instance communicates with Splunk SOAR through HTTP, your Splunk platform instance and Splunk SOAR must be on the same network or Virtual Private Cloud (VPC). Or, you must allow traffic between your Splunk platform instance and Splunk SOAR in your network security group settings.

The following diagram illustrates how mobile devices authenticate to your Splunk SOAR instance:

This diagram shows how mobile devices authenticate to your Splunk SOAR instance.

Here's how mobile devices authenticate to Splunk SOAR:

  1. An admin configures Splunk SOAR in Splunk Secure Gateway to enable Workflow Automation. See Enable Workflow Automation.
  2. The device gets an authentication code from Spacebridge.
  3. The device sends its public keys and device ID to Spacebridge.
  4. The user enters their Splunk SOAR credentials in the Splunk AR mobile app.
  5. The client device makes a device registration request to Splunk Secure Gateway through Spacebridge.
  6. Spacebridge propagates the authentication request to Splunk Secure Gateway.
  7. Splunk Secure Gateway validates the Splunk SOAR configuration.
  8. Splunk Secure Gateway makes a registration request on behalf of the client device to Splunk SOAR using the device authentication code.
  9. Splunk SOAR sends a confirmation code to Splunk Secure Gateway.
  10. Splunk Secure Gateway confirms registration using the confirmation code and Splunk SOAR credentials.
  11. Splunk SOAR sends its client ID to Splunk Secure Gateway.
  12. Splunk Secire Gateway sends the Splunk SOAR Client ID to Spacebridge.
  13. Spacebridge sends the Splunk SOAR client ID to the device. This completes authentication.

Workflow Automation message exchange

Mobile devices communicate with Splunk SOAR using Spacebridge, the same way Splunk AR users register to a Splunk platform instance. Splunk AR users must authenticate to a Splunk platform instance during initial device registration. Workflow Automation uses this existing connection to facilitate device authentication to Splunk SOAR. Using the existing connection means that users and Splunk SOAR administrators don't need to exchange authentication codes. It also doesn't require the user to be on a network that can directly access Splunk SOAR, which allows you to maintain a more secure set of networking ruless.


This diagram shows how mobile devices and your Splunk SOAR instance exchange messages.

These are the steps that occur during a message exchange between the client device and Splunk SOAR:

  1. When the user makes a message request, which loads a list of playbooks, the client encrypts and signs the message.
  2. The client routes the encrypted and signed message to Spacebridge.
  3. Spacebridge validates the message signature.
  4. Spacebridge routes the encrypted and signed message to Splunk SOAR.
  5. Splunk SOAR validates the signature and decrypts the message.
  6. Splunk SOAR processes the message and creates a response.
  7. Splunk SOAR signs and encrypts the response.
  8. Splunk SOAR sends the encrypted and signed response to Spacebridge.
  9. Spacebridge validates the response signature.
  10. Spacebridge routes the encrypted and signed response to the client.
  11. The client validates the response signature and decrypts the response.
  12. The client processes the response.
Last modified on 21 July, 2023
PREVIOUS
Manage playbooks in the Splunk AR mobile app
  NEXT
Configure the Splunk App for AR

This documentation applies to the following versions of Splunk® App for Edge Hub and Augmented Reality: 1.0.0, 1.10.0, 1.2.0, 1.2.1, 1.3.0, 1.4.1, 2.0.0, 2.0.2, 2.1.0, 3.0.0, 3.0.1, 4.0.0, 4.0.1, 4.1.1, 4.1.2, 4.2.1, 4.2.2, 4.3.0, 4.3.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters