Configure labels to apply to containers
Labels are a property applied to containers. A label applied to a container enables Splunk SOAR (Cloud) to run playbooks and other automation against containers.
Splunk SOAR (Cloud) ships with one label defined: events. More labels can be added to suit your workflow or organizational needs. Labels can have additional custom fields, be used as the basis of a HUD Card, or have tags required before the label's container can be set to a closed or resolved status.
Create a label
Perform the following steps to create a label:
- From the Home menu, select Administration.
- Click Event Settings > Label Settings.
- Click + Label.
- Type a name for the label.
- Click Create.
Delete or modify a label
Delete a label by clicking the ⓧ icon to the right of the label's name.
Perform the following tasks to modify a label:
- From the Home menu, select Administration.
- Click Event Settings > Label Settings.
- Click the label's name in the list.
- Click either Custom Fields, HUD, or Resolution. Each of these items behaves identically to the top-level settings of the same name.
- For Custom Fields settings, see Create custom fields for containers.
- For HUD settings, see Track information about an event or case using HUD cards.
- For Resolution settings, see Configure how events are resolved.