Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)


Set global environment variables

You can set environment variables that apply globally across the runtime environment to manage proxies or other features. You can also override or provide these variables on a per-app basis in the app advanced configuration. Changes to global environment settings will not be applied until the platform is restarted.

To make changes to the global environment:

  1. From the main menu, select Administration.
  2. Click Administration Settings > Environment Settings.
  3. Click +Variable to add a new environment variable.
  4. In the Name field, specify HTTP_PROXY, HTTPS_PROXY, or NO_PROXY depending on the type of proxy connection. These environment variables are read by all processes and affect the entire product including external search connections, app and asset connections, and requests made from within playbooks.

    These variable names are case sensitive and must be entered as HTTP_PROXY, HTTPS_PROXY, or NO_PROXY.

  5. In the Value field, include the following depending on the type of proxy configuration. Wildcards are not supported.
    1. HTTP and HTTPS proxy configurations: protocol, hostname or IP address, and the port of the proxy server. For example,
    2. NO_PROXY configurations: IP address, hostname, or domain of the asset.
    3. (Conditional) If the proxy server requires authentication, consider the following items:
    • The value format is <scheme>://[<username>[:<password>]@]<host>[:<port>], where the scheme is http or https, the username and password are optional, the host is a host name or IP address, and the optional port is the port number used to connect to the proxy server.
    • The scheme and host are required.
    • If you use a proxy server that requires authentication, you may need a service account on the proxy server.
    • If authentication credentials (username/password) are specified, the "secret" box should be selected so that the username and password are stored in encrypted format.
    • If port is not specified it defaults to port 80 when the scheme is http, and port 443 when the scheme is https.
  6. Check Secret to encrypt the Value field and stop it from being displayed.

When configuring the system to use an HTTP or HTTPS proxy, Splunk SOAR (On-premises) requires that you except calls to the loopback interface from the proxy list. You must set the environment variable NO_PROXY to include, localhost, and localhost.localdomain so that REST calls can be made on the loopback interface without being diverted to the proxy.
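The rules in the procedure above can be checked before the values are entered and the platform is restarted. The following is an added example, not Splunk code: the dict shape, function names, host names, and the comma-separated NO_PROXY format are assumptions, and the sample settings are constructed.

```python
from urllib.parse import urlsplit

ALLOWED = {"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"}
DEFAULT_PORT = {"http": 80, "https": 443}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}  # names the page requires in NO_PROXY

# Constructed sample of planned settings (hypothetical dict shape, not a SOAR export format).
SAMPLE = [
    {"name": "https_proxy", "value": "http://proxy.example.internal:3128", "secret": False},
    {"name": "HTTPS_PROXY", "value": "http://svc_soar:CHANGEME@proxy.example.internal", "secret": False},
    {"name": "NO_PROXY", "value": "localhost,*.example.internal", "secret": False},
]

def effective_port(value):
    """Port the proxy URL resolves to: explicit port, else 80 for http and 443 for https."""
    url = urlsplit(value)
    return url.port or DEFAULT_PORT[url.scheme]

def lint_settings(settings):
    """Return a list of findings for the planned environment variables."""
    findings, proxy_set, no_proxy = [], False, set()
    for s in settings:
        name, value = s["name"], s["value"]
        if name not in ALLOWED:
            if name.upper() in ALLOWED:
                findings.append(f"{name}: names are case sensitive, use {name.upper()}")
            continue
        if "*" in value:
            findings.append(f"{name}: wildcards are not supported")
        if name == "NO_PROXY":
            # Assumption: entries are comma separated, the usual NO_PROXY convention.
            no_proxy = {h.strip() for h in value.split(",") if h.strip()}
            continue
        proxy_set = True
        url = urlsplit(value)
        if url.scheme not in DEFAULT_PORT or not url.hostname:
            findings.append(f"{name}: scheme (http or https) and host are required")
        elif (url.username or url.password) and not s.get("secret"):
            findings.append(f"{name}: credentials present but Secret is not checked")
    missing = LOOPBACK_NAMES - no_proxy
    if proxy_set and missing:
        findings.append("NO_PROXY: missing loopback entries " + ", ".join(sorted(missing)))
    return findings

if __name__ == "__main__":
    for finding in lint_settings(SAMPLE):
        print(finding)
```

On the constructed sample this reports the lowercase variable name, the credentials stored without Secret, the unsupported wildcard, and the missing localhost.localdomain entry.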

Apply environment variables to individual assets

You can also apply environment variables to configured assets individually. If you are using NO_PROXY, the asset configuration takes precedence over the global environment variable. However, if you are using HTTPS_PROXY, the global environment variable takes precedence over the asset configuration. For more information, see Add and configure apps and assets to provide actions in .

Multi-tenancy and environment variables

When multi-tenancy is enabled, you can choose to set specific environment variables per tenant. To set specific environment variables per tenant, select the tenant you want to set the environment variables for in the Tenant drop-down menu on the Environment Settings screen. For more information on enabling and using multi-tenancy, see Configure multiple tenants on your instance.

When multi-tenancy is enabled, per-asset variables take precedence over per-tenant variables and per-tenant variables take precedence over global environment variables. When multi-tenancy is not enabled, per-asset environment variables take precedence over global environment variables.

Last modified on 12 March, 2024

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2
