For details, see:
Pair Splunk SOAR (Cloud) with Splunk Enterprise Security
Pair your Splunk SOAR (Cloud) instance with your Splunk Enterprise Security (Cloud) version 8.x instance to add the automation capabilities of Splunk SOAR (Cloud) to the security analytics of Splunk Enterprise Security (Cloud) version 8.x .
Coordinate with your Splunk Enterprise Security administrator and Splunk administrator to perform the pairing.
Provide the administrators with the following Splunk SOAR (Cloud) information:
- IP address, for the Splunk Cloud Platform IP allow list
- Base URL (https://example.soar.splunk.com)
- Login credentials (username and password)
The Splunk Enterprise Security admin might contact you about an error in the pairing process. Possible issues include:
- The Splunk SOAR (Cloud) version is not compatible with this version of Splunk Enterprise Security (Cloud) version 8.x . You might need to upgrade your Splunk SOAR (Cloud) deployment.
- The credentials entered for pairing were not correct. You might need to verify the Splunk SOAR (Cloud) credentials.
- The Splunk Enterprise Security (Cloud) version 8.x IP address is not included in the Splunk SOAR (Cloud) allow list. Contact Splunk Support to update the allow list.
The following users and roles manage the pairing of Splunk SOAR (Cloud) and Splunk Enterprise Security (Cloud) version 8.x. Do not assign the roles to user accounts or modify these users; es_soar_integration_role, es_automation_user, es_integration_user
About pairing Splunk SOAR (Cloud) to Splunk Enterprise Security between restricted environments
Splunk SOAR (Cloud) is available for restricted environments, such as FedRAMP Moderate. Splunk Enterprise Security 8.x releases are available for FedRAMP Moderate (IL2), and for FedRAMP High. Both platforms are also available in commercial environments.
Pairing Splunk SOAR to Splunk Enterprise Security of different restriction levels may result in compliance boundary violations. Consult the table below for possible combinations.
Platform | Pair to | Possible Boundary Compliance Violation |
---|---|---|
Splunk SOAR (unrestricted) | Splunk Enterprise Security (unrestricted) | No |
Splunk SOAR (unrestricted) | Splunk Enterprise Security 8.x FedRAMP Moderate | Yes |
Splunk SOAR (unrestricted) | Splunk Enterprise Security 8.x FedRAMP High | Yes |
Splunk SOAR FedRAMP Moderate | Splunk Enterprise Security (unrestricted) | Yes |
Splunk SOAR FedRAMP Moderate | Splunk Enterprise Security 8.x FedRAMP Moderate | No |
Splunk SOAR FedRAMP Moderate | Splunk Enterprise Security 8.x FedRAMP High | Yes |
See also
- For details on the pairing process, see Pair Splunk Enterprise Security with Splunk SOAR in the Administer Splunk Enterprise Security documentation.
- For information on troubleshooting pairing in Enterprise Security, see Troubleshoot pairing Splunk Enterprise Security with Splunk SOAR in the Troubleshoot Splunk Enterprise Security documentation.
- For details on configuring authentication settings in Splunk SOAR and managing Splunk SOAR user accounts and roles while pairing , see Configure single sign-on authentication for .
- For information on using Splunk SOAR in restricted environments, such as FedRAMP Moderate, see in restricted environments.
Administer | Reset the admin password |
This documentation applies to the following versions of Splunk® SOAR (Cloud): current
Feedback submitted, thanks!