Prepare to install the Splunk SOAR Automation Broker
Use the Splunk SOAR Automation Broker to run actions from Splunk SOAR (Cloud) in your on-premises environment. You can also use the Splunk SOAR Automation Broker to connect assets in a complex network to a Splunk SOAR (On-premises) instance. To view a diagram of how the Splunk SOAR Automation Broker works, see About the Splunk SOAR Automation Broker.
Number | Task | Description |
---|---|---|
1 | Set up either a Docker or Podman host |
Your host must be running a containerization solution in order to use the container that runs the Splunk SOAR Automation Broker. You must have either:
For best practices, host the Splunk SOAR Automation Broker on a different host than your deployment of Splunk SOAR (On-premises). |
2 | Complete the prerequisites |
|
3 | Install the Automation Broker on your Docker or Podman host |
|
Installation prerequisites
Before you install the Splunk SOAR Automation Broker, make sure that you meet the following prerequisites:
- Your host must be running Docker or Podman and Docker Compose in order to support the container for the Splunk SOAR Automation Broker.
- If you intend to user Docker as your containerization solution, search for "Download and Install" on the Docker website.
- If you intend to use Podman as your containerization solution, search for "Get Started" on the Podman website.
- Your user account must be a member of the "docker" permissions group on the docker host. Search for "docker permissions" on the Docker website for more information.
- You must be, or be working with, a Splunk SOAR administrator. This is the person in your organization who is responsible for adding new users and configurations to your Splunk SOAR (Cloud) or Splunk SOAR (On-premises) deployment.
- You need the <PHANTOM_BASE_URL> which is the URL to your Splunk SOAR deployment. Find the <PHANTOM_BASE_URL> in Splunk SOAR from the Home menu then Administration then Company Settings then Info in the Base URL for Splunk SOAR field.
- If you use a proxy server for outgoing traffic, you need the IP address and port for your HTTPS or HTTP proxy server.
- Conditional: Splunk SOAR (On-premises) users, reset the stored version information about the Splunk SOAR Automation Broker by doing these steps:
- Using SSH, log in to your Splunk SOAR (On-premises) deployment as the user account that runs Splunk SOAR (On-premises).
- Run the following commands:
<$PHANTOM_HOME>/bin/phenv python <$PHANTOM_HOME>/www/manage.py change_ab_version --no-ab-version
<$PHANTOM_HOME>/bin/phsvc reload uwsgi
Splunk SOAR Automation Broker system requirements | Install Splunk Automation Broker on a Docker host |
This documentation applies to the following versions of Splunk® Automation Broker: current
Feedback submitted, thanks!