Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1501 from TOUFIKIzakarya/add/splunk_soar
Add splunk soar doc
Showing 8 changed files with 51 additions and 0 deletions.
50 changes: 50 additions & 0 deletions
_shared_content/intelligence_center/integrations/splunk_soar.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
@@ -0,0 +1,50 @@ | ||
# External Integrations: Splunk SOAR | ||
|
||
## Description | ||
|
||
An App for Splunk SOAR is available to interact with our SEKOIA.IO API. | ||
|
||
For the moment there are just three actions for the SEKOIA CTI API : | ||
|
||
- **Get indicator** : Action that allow the user to get an indicator according to some criteria. | ||
- **Get indicator Context**: Action that allow the user to get the context of an indicator. | ||
- **Get Observable**: Create an action that allow the user to get an observable according to some criteria | ||
|
||
## Prerequisite | ||
|
||
On Sekoia.io CTI, create an API KEY with the following permission: | ||
- `INTHREAT_READ_OBJECTS` (`8d9901dc-0508-4472-b3c1-5ad5efc96032`): Read objects from InThreat | ||
|
||
[More information on API KEY creation](../../../getting_started/manage_api_keys.md) | ||
|
||
## Install | ||
|
||
In your Splunk SOAR instance, you can directly go to the `app` part and search for `sekoia` in the `unconfigured apps`. | ||
|
||
In the case, you can't find it, Follow this steps bellow : | ||
|
||
1/ Search for it in the [splunk marketplace](https://splunkbase.splunk.com/app/7142) | ||
|
||
![!View of Sekoia.io integration in Splunbase](splunk_soar_images/image_1.png) | ||
|
||
2/ Download the app as tar file | ||
|
||
![!View of Sekoia.io integration in Splunbase](splunk_soar_images/image_6.png) | ||
|
||
3/ Go to the `app` part in your instance | ||
|
||
![!View of Sekoia.io integration in Splunbase](splunk_soar_images/image_2.png) | ||
|
||
4/ click on `install app` button | ||
|
||
![!View of Sekoia.io integration in Splunbase](splunk_soar_images/image_3.png) | ||
|
||
5/ Put the tar file there. | ||
|
||
![!View of Sekoia.io integration in Splunbase](splunk_soar_images/image_4.png) | ||
|
||
6/ finally you can start using it. | ||
|
||
![!View of Sekoia.io integration in Splunbase](splunk_soar_images/image_5.png) | ||
|
||
To learn how to use the integration, please read the [technical documentation ](https://github.com/splunk-soar-connectors/sekoiaio/blob/next/README.md) |
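Review bot: In the action list under Description, the **Get Observable** entry reads "Create an action that allow the user to get an observable", which looks like task wording left in the doc; align it with the other two bullets ("Action that allows the user to get an observable according to some criteria.") and fix "allow" to "allows" in all three. In Install, "In the case, you can't find it, Follow this steps bellow" should read "If you can't find it, follow the steps below", and all six screenshots carry the same alt text "View of Sekoia.io integration in Splunbase" (typo for Splunkbase) although they illustrate different steps, so each one needs its own description. In Prerequisite, since the three listed actions only read data, it is worth saying explicitly that the API key should carry `INTHREAT_READ_OBJECTS` and nothing else. The product name is also written both "SEKOIA.IO" and "Sekoia.io"; pick one. The final link text "[technical documentation ]" has a stray trailing space inside the brackets.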
Binary file added (+117 KB): _shared_content/intelligence_center/integrations/splunk_soar_images/image_1.png
Binary file added (+116 KB): _shared_content/intelligence_center/integrations/splunk_soar_images/image_2.png
Binary file added (+68.9 KB): _shared_content/intelligence_center/integrations/splunk_soar_images/image_3.png
Binary file added (+136 KB): _shared_content/intelligence_center/integrations/splunk_soar_images/image_4.png
Binary file added (+80.8 KB): _shared_content/intelligence_center/integrations/splunk_soar_images/image_5.png
Binary file added (+32.4 KB): _shared_content/intelligence_center/integrations/splunk_soar_images/image_6.png