Splunk® App for SOAR Export

Use the Splunk App for SOAR Export to Forward Events

This documentation does not apply to the most recent version of Splunk® App for SOAR Export. For documentation on the most recent version, go to the latest release.

Check prerequisites for Splunk App for SOAR Export on Splunk Cloud Platform

Verify that your environment is ready to use the Splunk App for SOAR Export to integrate Splunk SOAR with your Splunk deployment.

Required user privileges and ports

Verify the following user privileges and ports:

  • By default, Splunk SOAR must have TCP ports 443 and 8089 open to and from Splunk Enterprise Security (ES) search heads.
    If you are using other TCP ports to connect to Splunk Enterprise Security search heads, substitute those ports. Be consistent with the substituted TCP port numbers.
  • In your on-premises deployment, verify that you have the necessary network availability among all devices.
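The following script is an added example, not part of the Splunk documentation: it probes the default ports listed above (443 and 8089) from the host it runs on, so you can run it once on the Splunk SOAR host toward the search heads and once on each search head toward SOAR to confirm both directions. The search head names and the example port list are placeholders to replace with your own.

```python
"""Outbound TCP reachability check for the Splunk App for SOAR Export port prerequisite.

Run it on the Splunk SOAR host against each Splunk Enterprise Security search head,
then on each search head against SOAR, because the requirement is bidirectional.
"""
import socket
from typing import Dict, Iterable, List, Tuple

# Default ports from the prerequisites: 443 (HTTPS) and 8089 (the default splunkd
# management port). Substitute your own if you changed them, and keep them consistent.
DEFAULT_PORTS: Tuple[int, ...] = (443, 8089)


def check_tcp_port(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers refused, timed out, unreachable and name-resolution failures alike.
        return False


def check_hosts(hosts: Iterable[str], ports: Iterable[int] = DEFAULT_PORTS,
                timeout: float = 3.0) -> Dict[Tuple[str, int], bool]:
    """Probe every host/port pair once and return a result map keyed by (host, port)."""
    ports = tuple(ports)
    return {(h, p): check_tcp_port(h, p, timeout) for h in hosts for p in ports}


def missing_ports(results: Dict[Tuple[str, int], bool]) -> Dict[str, List[int]]:
    """Group unreachable ports by host so the firewall request is easy to write."""
    missing: Dict[str, List[int]] = {}
    for (host, port), ok in results.items():
        if not ok:
            missing.setdefault(host, []).append(port)
    return missing


if __name__ == "__main__":
    import sys
    # Hypothetical search head names; pass your real ones as arguments instead.
    targets = sys.argv[1:] or ["es-sh1.example.internal", "es-sh2.example.internal"]
    report = check_hosts(targets)
    for (host, port), ok in sorted(report.items()):
        print(f"{host}:{port} {'open' if ok else 'BLOCKED'}")
    # Non-zero exit makes the check usable from a deployment pipeline.
    sys.exit(1 if missing_ports(report) else 0)
```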

Splunk product compatibility matrix

Use this matrix to determine the compatibility of the Splunk App for SOAR Export with certain versions of Splunk Cloud Platform or Splunk Enterprise and Splunk SOAR (Cloud) or Splunk SOAR (On-premises). You can use all versions that appear in a single row interchangeably. Splunk Enterprise Security is not required for Splunk App for SOAR Export.

Notations like Splunk Enterprise Security versions 6.5.1, 6.5.x mean that Splunk Enterprise Security version 6.5.1 or any 6.5.x release later than 6.5.1 is required.

Splunk App for SOAR Export version | Splunk Enterprise version | Splunk Cloud Platform version | Splunk Enterprise Security version | Splunk SOAR (On-premises) version | Splunk SOAR (Cloud) version
4.2.3 (CIM version 5.1.1)          | 9.1.0.2                   | 9.0.2305, 9.0.2303            | 7.1.1                              | 6.1.1                             | 6.1.1
4.2.3 (CIM version 5.1.1)          | 9.1.0                     | 9.0.2305, 9.0.2303            | 7.1.1                              | 6.1.0                             | 6.1.0
4.2.3 (CIM version 5.1.1)          | 9.1.0, 9.0.5              | 9.0.2305, 9.0.2303            | 7.1.1                              | 6.0.2                             | 6.0.2
4.2.3 (CIM version 5.1.1)          | 9.1.0, 9.0.4              | 9.0.2209, 9.0.2305, 9.0.2303  | 7.1.1                              | 6.0.1, 6.0.0                      | 6.0.1, 6.0.0

Required apps

Make sure you have the following apps installed on your Splunk Cloud Platform:

App                                   | Description
Splunk App for SOAR Export (this app) | Download the Splunk App for SOAR Export from Splunkbase. This app is required to map event fields to CEF format and then forward those events to Splunk SOAR.
Common Information Model              | Download the Splunk Common Information Model (CIM) from Splunkbase. If you have Splunk Enterprise Security (ES) installed, you don't need to download this library, because it is already included with Splunk ES. The CIM app is required for the automated mapping models in adaptive response actions on Splunk Cloud Platform to work correctly.

Last modified on 08 February, 2024

This documentation applies to the following versions of Splunk® App for SOAR Export: 4.2.3
