This documentation does not apply to the most recent version of Splunk® SOAR (On-premises).
For documentation on the most recent version, go to the latest release.
Configure labels to apply to containers
Labels are a property applied to containers. A label applied to a container enables to run playbooks and other automation against containers.
ships with one label defined: events. More labels can be added to suit your workflow or organizational needs. Labels can have additional custom fields, be used as the basis of a HUD Card, or have tags required before the label's container can be set to a closed or resolved status.
Create a label
Perform the following steps to create a label:
- From the Home menu, select Administration.
- Click Event Settings > Label Settings.
- Click + Label.
- Type a name for the label.
- Click Create.
Delete or modify a label
Delete a label by clicking the ⓧ icon to the right of the label's name.
Perform the following tasks to modify a label:
- From the Home menu, select Administration.
- Click Event Settings > Label Settings.
- Click the label's name in the list.
- Click either Custom Fields, HUD, or Resolution. Each of these items behaves identically to the top-level settings of the same name.
- For Custom Fields settings, see Create custom fields for containers.
- For HUD settings, see Track information about an event or case using HUD cards.
- For Resolution settings, see Configure how events are resolved.
Last modified on 22 September, 2021
| Configure how events are resolved | Use authorized users to grant authorized access |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1
Download manual
Feedback submitted, thanks!