Troubleshoot pairing Splunk Enterprise Security with Splunk SOAR
If Splunk Enterprise Security should be paired with Splunk SOAR, but the Splunk SOAR Pairing page displays neither the successful pairing message nor a list of role mappings, complete the following steps:
- Log in to Splunk Enterprise Security. From the Splunk bar, select Settings, then Data Inputs.
- Find and select Create and Store SOAR JWK key pair.
- Look at the entry for main. If it is Enabled, select Disable.
- Select main to open the settings.
- Set the Refresh time to 0.
- Select Save.
- On the entry for main, select Enabled.
- Select main to open the settings.
- Set the Refresh time to 1296000.
- Select Save.
- Log in to Splunk SOAR to validate pairing.
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1