About the Splunk Mobile App for Splunk SOAR (On-premises)

This feature is deprecated.
The Splunk Mobile App for Splunk SOAR (On-premises) is deprecated as of Splunk SOAR (On-premises) version 6.4.0. This feature continues to function and might be be removed in a future version.

See Deprecated feature in the Splunk SOAR (On-premises) version 6.4.0 Release Notes.

The Splunk Mobile App now is available for Splunk SOAR (On-premises). You don't have to be in front of a laptop or desktop to take action during an urgent incident. You can use the Splunk Mobile App to view and respond to notifications, view dashboards, view event details, or run a playbook.

To get started with the Splunk Mobile App, perform the following administration and user tasks.

Note: The Splunk Mobile app for Splunk SOAR (On-premises) only works with iOS devices, and does not support multi-tenancy.

Administration tasks

Perform the following administration tasks before using the Splunk Mobile App for Splunk SOAR (On-premises):

  1. Open the required ports. See Ports for connecting mobile devices to Splunk SOAR (On-premises) using Splunk Connected Experience apps in Install and Upgrade Splunk SOAR (On-premises).
  2. Enable the Mobile App registration feature. See Enable or disable registered mobile devices in Administer Splunk SOAR (On-premises).
  3. Check the status of ProxyD. See View the health of your Splunk SOAR (On-premises) system in Administer Splunk SOAR (On-premises).

User tasks

To use the app, you must be a registered user in the Splunk SOAR (On-premises) platform. Contact your Splunk SOAR (On-premises) admin about adding new users.

Perform the following tasks after an admin has completed the administration tasks:

  1. Install the app and register your mobile device. See Mobile device registration in Use Splunk SOAR (On-premises).
  2. Use the Splunk Mobile App. See Using the Splunk Mobile App for Splunk SOAR (On-premises) in Use Splunk SOAR (On-premises).

Limitations

You can't use the Splunk Mobile App with two-factor authentication. If you're using two-factor authentication, you see the following error in the WSGI log file: "phantom_ui.ui.shared.HttpError: This user requires two factor authentication. Access to REST API is denied."