Steps to connect the Splunk platform with Splunk SOAR
Before you can use Splunk App for SOAR Export, you must establish a connection between the Splunk platform and Splunk SOAR. Perform the following tasks to make the connection:
- If you don't have Splunk Enterprise Security (ES), download and install the Splunk Common Information Model (CIM) app from Splunkbase.
- Enable Splunk platform users to use Splunk App for SOAR Export.
- Provide a valid SSL certificate for the connection between Splunk SOAR and Splunk Enterprise.
- Connect Splunk App for SOAR Export and the Splunk Platform to Splunk SOAR.
- (Optional) If you have Splunk Enterprise Security, Run adaptive response actions in Splunk ES to send notable events to Splunk SOAR.
This documentation applies to the following versions of Splunk® App for SOAR Export: 4.1.117, 4.1.135, 4.2.3, 4.3.2
Feedback submitted, thanks!