After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Pair Splunk SOAR with Splunk Enterprise Security
Pair your Splunk SOAR instance with your Splunk Enterprise Security instance to add the automation capabilities of Splunk SOAR to the security analytics of Splunk Enterprise Security.
Coordinate with your Splunk Enterprise Security administrator and Splunk administrator to perform the pairing.
Provide the administrators with the following Splunk SOAR information:
- IP address, for the Splunk Cloud Platform IP allow list
- Base URL (https://example.soar.splunk.com)
- Login credentials (username and password)
The Splunk Enterprise Security admin might contact you about an error in the pairing process. Possible issues include:
- The Splunk SOAR version is not compatible with this version of Splunk Enterprise Security. You might need to upgrade your Splunk SOAR deployment.
- The credentials entered for pairing were not correct. You might need to verify the Splunk SOAR credentials.
- The Splunk Enterprise Security IP address is not included in the Splunk SOAR allow list. Contact Splunk Support to update the allow list.
The following users and roles manage the pairing of Splunk SOAR and Splunk Enterprise Security. Do not use or modify them. es_automation_user, es_integration_user, es_soar_integration_role
See also
For details on the pairing process, see Pair Splunk Enterprise Security with Splunk SOAR in the Administer Splunk Enterprise Security documentation.
For information on troubleshooting pairing in Enterprise Security, see Troubleshoot pairing Splunk Enterprise Security with Splunk SOAR in the Troubleshoot Splunk Enterprise Security documentation.
| Administer | Reset the admin password |
This documentation applies to the following versions of Splunk® SOAR (Cloud): current
Download manual
Feedback submitted, thanks!