@AL3Z Correlation Searches reside in Enterprise Security. To get them into SOAR you need to use the SOAR Adaptive responses (send_to_phantom/run_playbook) on the Notable Event which will create a container/event in SOAR for you to run automation against.
If I misunderstood the ask please expand and I will try to help.
Typically, we address security incidents using SOAR directly. My inquiry pertains to identifying searches within SOAR through Splunk ES. Is there a specific REST call command for this purpose?
You can use Splunk SOAR to run SPL in Splunk/ES using the Splunk App's run_query action. You will have to either know the full SPL and run manually, or if they are standard, regularly used searches you can build playbooks to dynamically populate the SPL before running it in Splunk.
If you want to find all the events that came from ES then that would usually be to check how many containers/events have that specific label which can be done via REST:
To get Notable events from ES into SOAR you need the Splunk App for SOAR Export setup on your Search Head then you will need to add the Adaptive Response to send to SOAR when the detection triggers an event in Splunk.
