Check prerequisites for Splunk App for SOAR Export on Splunk Cloud Platform
Verify that your environment is ready to use the Splunk App for SOAR Export to integrate Splunk SOAR with your Splunk deployment.
Required user privileges and ports
Verify the following user privileges and ports:
- By default, Splunk SOAR must have TCP ports 443 and 8089 open to and from Splunk Enterprise Security (ES) search heads.
  If you are using other TCP ports to connect to Splunk Enterprise Security search heads, substitute those ports. Be consistent with the substituted TCP port numbers.
- In your on-premises deployment, verify that you have the necessary network availability among all devices.
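The port requirement above can be verified before you install the app. The following is an added example, not Splunk code: the function names and the host name `es-sh1.example.internal` are placeholders. It tests one direction only, so run it on the Splunk SOAR host against each search head, then in the opposite direction where you control that side.

```python
import socket
import sys

DEFAULT_PORTS = (443, 8089)  # defaults from this page; substitute consistently


def check_port(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, timeout, or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host reachable, nothing listening on the port
    except socket.timeout:
        return "timeout"   # usually a firewall silently dropping packets
    except OSError as exc:
        return f"error: {exc}"  # DNS failure, no route, etc.


def preflight(search_heads, ports=DEFAULT_PORTS, timeout=3.0):
    """Check every port on every host; returns {(host, port): status}."""
    return {(h, p): check_port(h, p, timeout)
            for h in search_heads for p in ports}


def failures(results):
    """Sorted (host, port) pairs that did not accept a connection."""
    return sorted(k for k, v in results.items() if v != "open")


if __name__ == "__main__":
    # Placeholder host name; pass real search heads as arguments.
    hosts = sys.argv[1:] or ["es-sh1.example.internal"]
    results = preflight(hosts)
    for (host, port), status in sorted(results.items()):
        print(f"{host}:{port} {status}")
    sys.exit(1 if failures(results) else 0)
```

A `refused` result points at the listener (service down or wrong port), while `timeout` points at a firewall or security group between the two hosts.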
Splunk product compatibility matrix
Use this matrix to determine the compatibility of the Splunk App for SOAR Export with certain versions of Splunk Cloud Platform or Splunk Enterprise and Splunk SOAR (Cloud) or Splunk SOAR (On-premises). You can use all versions that appear in a single row interchangeably. Splunk Enterprise Security is not required for Splunk App for SOAR Export.
Notations like Splunk Enterprise Security versions 6.5.1, 6.5.x mean that Splunk Enterprise Security version 6.5.1 or any 6.5.x release later than 6.5.1 is required.
Splunk App for SOAR Export version | Splunk Enterprise version | Splunk Cloud Platform version | Splunk Enterprise Security version | Splunk SOAR (On-premises) version | Splunk SOAR (Cloud) version |
---|---|---|---|---|---|
4.2.3 (CIM version 5.1.1) | 9.1.0.2 | 9.0.2305, 9.0.2303 | 7.1.1 | 6.1.1 | 6.1.1 |
4.2.3 (CIM version 5.1.1) | 9.1.0 | 9.0.2305, 9.0.2303 | 7.1.1 | 6.1.0 | 6.1.0 |
4.2.3 (CIM version 5.1.1) | 9.1.0, 9.0.5 | 9.0.2305, 9.0.2303 | 7.1.1 | 6.0.2 | 6.0.2 |
4.2.3 (CIM version 5.1.1) | 9.1.0, 9.0.4 | 9.0.2209, 9.0.2305, 9.0.2303 | 7.1.1 | 6.0.1, 6.0.0 | 6.0.1, 6.0.0 |
Required apps
Make sure you have the following apps installed on your Splunk Cloud Platform:
App | Description |
---|---|
Splunk App for SOAR Export (this app) | Download the Splunk App for SOAR Export from Splunkbase. This app is required to map event fields to CEF format, then forward those events to Splunk SOAR. |
Common Information Model | Download the Splunk Common Information Model (CIM) from Splunkbase. If you have Splunk Enterprise Security (ES) installed, you don't need to download this library as it is already included with Splunk ES. |
This documentation applies to the following versions of Splunk® App for SOAR Export: 4.2.3