Skip to content

docs: explain how to find SOAR_URL #256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
P-r-e-m-i-u-m wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: explain how to find SOAR_URL #256

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/servers/secops_soar_mcp.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ $Env:SOAR_APP_KEY = "your-soar-api-key"

For more detailed instructions on setting up environment variables, refer to the [usage guide](../usage_guide.md#setting-up-environment-variables).

If the server closes with a `Failed to fetch valid scopes from SOAR` error, confirm that `SOAR_URL` points to your SOAR base URL rather than your Backstory URL. The [usage guide](../usage_guide.md) includes steps for finding the correct value.

### Available Integrations

The `--integrations` flag in the server configuration allows you to enable specific integrations. The integration modules are located in the `marketplace/` directory. Here's a subset of the available integrations:
Expand Down
18 changes: 18 additions & 0 deletions docs/usage_guide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,3 +244,21 @@ If you encounter issues with the MCP servers:
3. **Check server logs**: Look for error messages in the server output
4. **Restart the client**: Sometimes restarting the LLM Desktop or VS Code can resolve connection issues
5. **Verify uv installation**: Ensure that `uv` is properly installed and accessible in your PATH

### SecOps SOAR: finding the correct SOAR_URL

If the SecOps SOAR server starts and then shuts down with an error like this:

```text
Error: Failed to fetch valid scopes from SOAR, please make sure you have configured the right SOAR credentials. Shutting down...
MCP error -32000: Connection closed
```

check that `SOAR_URL` is set to your Google SecOps SOAR base URL, not your Backstory URL. The SOAR APIs used by this server are specific to the SOAR platform, so they are not listed in a Backstory tenant's Swagger documentation.

If you are not sure which URL to use, try one of these options:

1. In Google SecOps SOAR, go to **Settings > Webhooks**, create a new webhook with any parameters, and copy the base URL from the generated webhook URL. For example: `https://s4i0z.siemplify-soar.com`.
2. Open your browser developer tools, go to the **Network** tab, and navigate to **Cases** in the SOAR UI. Look for a request such as `GetCaseCardsByRequest`, open the **Headers** tab, and copy the base URL from that request. For example: `https://s4i0z.siemplify-soar.com`.

After updating `SOAR_URL`, restart your MCP client so it picks up the new environment variable.