Prepare to configure services for
Splunk App for SOAR includes these services, which require configuration:
- Remote search: This service allows you to use an external Splunk Cloud Platform or Enterprise environment as the main search engine for Splunk SOAR environments.
- SOAR System Logs: This service allows you to monitor the health of your Splunk SOAR (On-premises) environments.
- Auditing: This service allows you to forward SOAR system log files using Splunk Universal Forwarder to an external Splunk instance to create dashboards to monitor the health of your Splunk SOAR (On-premises) environments.
- REST API commands: This service allows you to issue REST API commands to Splunk SOAR environments.
You must make sure each service is configured individually. If you don't need a service, you don't have to configure it. Only configure the services you need.
Assign roles for Splunk App for SOAR | Provide a valid SSL certificate for the connection between Splunk SOAR and Splunk Enterprise |
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57, 1.0.67
Feedback submitted, thanks!