Splunk® Enterprise Security

Administer Splunk Enterprise Security

Configure apps and assets in Splunk SOAR

Apps expand the capabilities of Splunk SOAR by connecting to third-party products and services. These third-party products and services provide actions you can run or automate in your Splunk SOAR playbooks. For example, the MaxMind app provides the geolocate_ip action for your Splunk SOAR deployment.

An asset is a specific configuration, or instance, of an app. An asset is configured with the information required to communicate with the third-party product or service, such as IP address, automation service account, username, and password.

See also

For details on apps and assets in Splunk SOAR, see Add and configure apps and assets to provide actions in Splunk SOAR (Cloud) in the Administer Splunk SOAR (Cloud) documentation.

Last modified on 17 September, 2024
Configure automation rules to run playbooks based on findings in Splunk Enterprise Security   Create playbooks in Splunk SOAR

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters