Splunk SOAR | Configure | Set up the Splunk SOAR app

Before you configure the app, make sure you have configured all the EclecticIQ Intelligence Center (EIQ IC) settings and installed the Splunk SOAR app.

  1. In Splunk SOAR, from the dropdown in the top right corner select Apps.

  2. On the EclecticIQ Intelligence Center integration app, select Configure New Asset > Asset Settings.

  3. Under EclecticIQ Intelligence Center address enter the URL for the IC instance you’re connecting to. For example: https://your-domain.eclecticiq.com

  4. Under EclecticIQ Password/Token enter the API token you generated and saved.

  5. For EclecticIQ public API version, select v2 if you are on EIQ IC v3.0.0 or later. Otherwise, select v1.

  6. If you want to provide a custom certificate to your EIQ IC, enable EclecticIQ SSL cert check and add your certificates to the Splunk SOAR (On-premises) certificate store.
    See Splunk’s certificate documentation for more information.

  7. Under EclecticIQ Group Name for Entities enter the name of the Group you created or chose earlier.

  8. If you have set up a proxy server for your IC, enter your proxy settings under Proxy server address, Proxy server username, and Proxy server password to allow Splunk SOAR to connect to your IC instance.

  9. (Optional) Under EclecticIQ Outgoing Feed ID # for polling enter the ID of the outgoing feed you created earlier.

Once done, select Test connectivity. If Test connectivity displays errors, follow the displayed instructions to troubleshoot those errors, or contact support and include that information.