Pair Splunk SOAR (On-premises) with Splunk Enterprise Security (On-premises)

Note: This feature will be available when your Enterprise Security stack is upgraded to 8.1. The information in this article is preliminary and might change when Enterprise Security 8.1 is released.

Pair your Splunk SOAR (On-premises) instance with your Splunk Enterprise Security (On-premises) version 8.1.x instance to add the automation capabilities of Splunk SOAR (On-premises) to the security analytics of Splunk Enterprise Security (On-premises) version 8.1.x.

Note: You cannot pair Splunk Enterprise Security with multi-tenant or clustered Splunk SOAR (On-premises) deployments.

Coordinate with your Splunk Enterprise Security administrator and Splunk administrator to perform the pairing.

Provide the administrators with the following Splunk SOAR (On-premises) information:

  • IP address, including CIDR, for the Splunk Cloud Platform IP allow list
  • Base URL, including the port number if you are not using port 433, the default HTTPS port (For example, https://soar.example.com:1234/).
    Make sure that the port you specify is open.
  • Login credentials (username and password)

The Splunk Enterprise Security admin might contact you about an error in the pairing process. Possible issues include:

  • The Splunk SOAR (On-premises) version is not compatible with this version of Splunk Enterprise Security (On-premises) version 8.1. You might need to upgrade your Splunk SOAR (On-premises) deployment.
  • The credentials entered for pairing were not correct. You might need to verify the Splunk SOAR (On-premises) credentials.
  • Your Splunk SOAR SSL certificate is invalid. You might need to update the certificate. See Updating the SSL certificates for details.

CAUTION: The following users and roles manage the pairing of Splunk SOAR (On-premises) and Splunk Enterprise Security (On-premises) version 8.1.x. Do not assign the roles to user accounts or modify these users; es_soar_integration_role, es_automation_user, es_integration_user

See also