Getting Started
Overview
This document provides a quick reference for using ReversingLabs apps for Splunk SOAR. Learn how to use the power of ReversingLabs Spectra with Splunk SOAR to add rich context to Splunk SOAR artifacts.
Installation
The first step is to ensure that at least one of the ReversingLabs apps for Splunk SOAR is installed. See the following documents for install instructions:
Actions
Apps extend the capabilities of Splunk SOAR by connecting to third-party services. Apps generally include a set of "actions" that interact with these third-party services. ReversingLabs has developed apps for Splunk SOAR that connect with a variety of Spectra products, including Spectra Intelligence and Spectra Analyze.
After installing a ReversingLabs app, actions will become available to Splunk SOAR users from the analyst view. There are two ways to run an action:
- The "actions" button
- The context menu when selecting an artifact
Clicking the actions button, filtering by app, and then selecting a ReversingLabs app provides a list of all available actions.
For even quicker access to relevant actions, select an artifact value and open the "Run Action" tab, which lists the actions that map to the artifact type.
Playbooks
Playbooks make it easy to run an action automatically instead of manually, saving time during the triage process.
Like actions, playbooks can be called manually. Playbooks can also be configured to run automatically, such as when a new container is created. To configure a ReversingLabs playbook to run automatically:
- Ensure that the playbook setup process is completed
- Open the playbook
- Click the "Active" toggle button to enable the playbook
- NOTE: By default, the playbook will run automatically on all new containers. This can be modified by changing the "Operates on" value.
Next steps
Check out our useful guides on using ReversingLabs apps for Splunk SOAR: