Intelligence Center 3.2.3 Docs

Splunk SOAR | Use | Search

The Splunk SOAR integration with EclecticIQ Intelligence Center (EIQ IC) allows you to search the Entities in IC from Splunk SOAR.

A search query will always return Entities with their:

  • Title
  • Type
  • Description
  • Source
  • Tags
  • Related Entities
  • Connected Observables with Type and Maliciousness

The table below shows the kinds of search strings you can enter and the filter each one applies to the results.
You can combine search strings; they are concatenated with AND logic.

Search string            | Filters to
-------------------------|---------------------------------------------
(Partial) Entity Title   | Only Entities matching that Title.
Entity Type (dropdown)   | Only Entities of that type.
Observable Value         | Only Entities connected to that Observable.

Alternatively, you can search for an exact Entity UUID, e.g.: a86f8393-eff6-4b31-b203-f63152be5a43. This retrieves that specific Entity (meaning additional filters like Type or Title aren’t necessary).
