Splunk® App for SOAR

Install and Configure Splunk App for SOAR

Prepare to configure services for

Splunk App for SOAR includes these services, which require configuration:

  • Remote search: This service allows you to use an external Splunk Cloud Platform or Enterprise environment as the main search engine for Splunk SOAR environments.
  • SOAR System Logs: This service allows you to monitor the health of your Splunk SOAR (On-premises) environments.
  • Auditing: This service allows you to forward SOAR system log files using Splunk Universal Forwarder to an external Splunk instance to create dashboards to monitor the health of your Splunk SOAR (On-premises) environments.
  • REST API commands: This service allows you to issue REST API commands to Splunk SOAR environments.

You must make sure each service is configured individually. If you don't need a service, you don't have to configure it. Only configure the services you need.

Last modified on 27 June, 2022
Assign roles for Splunk App for SOAR   Provide a valid SSL certificate for the connection between Splunk SOAR and Splunk Enterprise

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57, 1.0.67, 1.0.71


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters