Splunk® Enterprise Security

Troubleshoot Splunk Enterprise Security

Troubleshoot pairing Splunk Enterprise Security with Splunk SOAR

Troubleshoot pairing Enterprise Security with Splunk SOAR. If your Splunk Enterprise Security should be paired with Splunk SOAR, but the Splunk SOAR Pairing page does not display either the successful pairing message, or a list of role mappings, do the following steps:

  1. Log into Splunk Enterprise Security. From the Splunk bar, select Settings, then Data Inputs.
  2. Find and select Create and Store SOAR JWK key pair.
  3. Look at the entry for main. If it is Enabled select Disable.
  4. Select main to open the settings.
  5. Set the Refresh time to 0.
  6. Select Save.
  7. On the entry for main select Enabled.
  8. Select main to open the settings.
  9. Set the Refresh time to 1296000.
  10. Select Save.
  11. Login in to Splunk SOAR to validate pairing.
Last modified on 04 November, 2024
Troubleshoot the display of the timeline visualization   Troubleshoot common issues when using Federated Analytics with Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters