Splunk SOAR

Splunk SOAR ldap config files?

esgrav
Engager

Hi,

 

Anyone knows where ldap config files are stored for Splunk SOAR?

Doc only gives me the clickops way...

There is no directory where you can find this for other splunk compontents; $SPLUNK_HOME/etc/system/local/

 

So are they stored in DB or what?

Labels (3)
0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@esgrav I take it you are looking at a programmatic way to create/update the LDAP configuration?

I don't believe you can in the same way you can with Splunk and just inject a .conf file for LDAP. I have also checked the REST docs and there is no REST endpoint to configure this, hence I would make an educated guess that it can't be done any other way than the UI. 

In ES8.x paired with SOAR 7.x then I think the LDAP scheme in Splunk can be used to manage access to SOAR as they are closer paired and AFAIK share the same authentication schema. 

--  Please provide Karma if it helped, and mark it a solution if it resolved your query. Happy SOARing! --

-- Hope this helps, if so consider leaving some Karma. Even better is if this fixed your issue, that you mark as a solution for others to find. Happy SOARing!! ---

View solution in original post

phanTom
SplunkTrust
SplunkTrust

@esgrav I take it you are looking at a programmatic way to create/update the LDAP configuration?

I don't believe you can in the same way you can with Splunk and just inject a .conf file for LDAP. I have also checked the REST docs and there is no REST endpoint to configure this, hence I would make an educated guess that it can't be done any other way than the UI. 

In ES8.x paired with SOAR 7.x then I think the LDAP scheme in Splunk can be used to manage access to SOAR as they are closer paired and AFAIK share the same authentication schema. 

--  Please provide Karma if it helped, and mark it a solution if it resolved your query. Happy SOARing! --

-- Hope this helps, if so consider leaving some Karma. Even better is if this fixed your issue, that you mark as a solution for others to find. Happy SOARing!! ---

esgrav
Engager

Ok, thanks for confirming my suspicion... 

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...