IntSights Splunk App for Splunk SOAR Installation and Configuration

Describes how to install and configure the IntSights Splunk App for Splunk SOAR, an external app. All the relevant information can be found at https://github.com/splunk-soar-connectors/intsights

Before you can use the external app with Rapid7 Threat Command you need to add the app.

Add external app

Before using an external app, you must add it. There are two parts to adding an app:

  • Your admin must enable the app for you to add.
  • After that, you add the external app.

To add an external app:

  1. From the main menu, select Automation > Integrations.
  2. From the Integrations page, click External.
  3. Click Add new device.
  4. Select the Device type.
    A default name is added. If the external device to add isn't displayed, ask your admin to enable it for you.
  5. Click Add.

The new device is added.

Install the app

Describes how to install the app.

To install the app:

  1. Download the IntSights Splunk App TGZ file from https://splunkbase.splunk.com/app/6031/
  2. Log into the Phantom console.
  3. In the top left of the screen, select Apps from the drop-down menu.
  4. Click INSTALL APP to install the downloaded TGZ module into Phantom.
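A pre-install check for the TGZ downloaded in step 1, as an added example that is not part of the original page or the app's own code: it records a SHA-256 digest of the file and flags archive members that could land outside the app's directory. The function names and the sample archives are hypothetical and constructed in memory; for a real download, pass the file's bytes to `audit_app_tgz`.

```python
import hashlib
import io
import posixpath
import tarfile

def sha256_of(data: bytes) -> str:
    """Digest to record, so the file you reviewed is the file you install."""
    return hashlib.sha256(data).hexdigest()

def audit_app_tgz(data: bytes) -> list[str]:
    """List archive members that could land outside the app's own directory."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            norm = posixpath.normpath(m.name)
            if m.name.startswith("/") or norm == ".." or norm.startswith("../"):
                findings.append(f"path escapes archive root: {m.name}")
            elif m.issym() or m.islnk():
                findings.append(f"link member: {m.name} -> {m.linkname}")
            elif not (m.isfile() or m.isdir()):
                findings.append(f"special file: {m.name}")
            elif m.mode & 0o6000:
                findings.append(f"setuid/setgid bit set: {m.name}")
    return findings

def build_sample_tgz(members) -> bytes:
    """Constructed sample input: build a small .tgz in memory (not a real app)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, link_target in members:
            info = tarfile.TarInfo(name)
            if link_target is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link_target
                tar.addfile(info)
            else:
                info.size = 2
                tar.addfile(info, io.BytesIO(b"{}"))
    return buf.getvalue()

# Constructed archives: one clean, one with two members a reviewer should question.
CLEAN = build_sample_tgz([("sampleapp/app.json", None)])
ODD = build_sample_tgz([("sampleapp/app.json", None), ("../outside.py", None),
                        ("sampleapp/cfg", "/tmp/elsewhere")])

if __name__ == "__main__":
    print(sha256_of(CLEAN), audit_app_tgz(CLEAN))
    for finding in audit_app_tgz(ODD):
        print(finding)
```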

Create an asset for the app

Describes how to configure an asset. Before you begin, you need the Threat Command API key and account ID, as described in API key and account ID.

To create an asset for the app in Phantom:

  1. Log in to the Phantom platform.
  2. Navigate to the Home dropdown and select Apps.
  3. Search for the IntSights Splunk App in the search box.
  4. Click CONFIGURE NEW ASSET.
  5. Navigate to the Asset Info tab and enter the Asset name and Asset description.
  6. Navigate to the Asset Settings tab.
  7. Paste the API Key and Account ID that were created from Threat Command.
  8. Save the asset.
  9. It is recommended to test the connectivity of the Phantom server to the Threat Command instance by clicking TEST CONNECTIVITY.