Splunk® SOAR (Cloud)

Administer Splunk SOAR (Cloud)

The visual editor for classic playbooks is now removed. Convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:

Pair Splunk SOAR (Cloud) with Splunk Enterprise Security

Pair your Splunk SOAR (Cloud) instance with your Splunk Enterprise Security (Cloud) version 8.x instance to add the automation capabilities of Splunk SOAR (Cloud) to the security analytics of Splunk Enterprise Security (Cloud) version 8.x .

Coordinate with your Splunk Enterprise Security administrator and Splunk administrator to perform the pairing.

Provide the administrators with the following Splunk SOAR (Cloud) information:

  • IP address, for the Splunk Cloud Platform IP allow list
  • Base URL (https://example.soar.splunk.com)
  • Login credentials (username and password)

The Splunk Enterprise Security admin might contact you about an error in the pairing process. Possible issues include:

  • The Splunk SOAR (Cloud) version is not compatible with this version of Splunk Enterprise Security (Cloud) version 8.x . You might need to upgrade your Splunk SOAR (Cloud) deployment.
  • The credentials entered for pairing were not correct. You might need to verify the Splunk SOAR (Cloud) credentials.
  • The Splunk Enterprise Security (Cloud) version 8.x IP address is not included in the Splunk SOAR (Cloud) allow list. Contact Splunk Support to update the allow list.

The following users and roles manage the pairing of Splunk SOAR (Cloud) and Splunk Enterprise Security (Cloud) version 8.x. Do not assign the roles to user accounts or modify these users; es_soar_integration_role, es_automation_user, es_integration_user

See also

Last modified on 28 March, 2025
Administer   Reset the admin password

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters