Hi All,
Just wanted to know if we are integrating splunk cloud with Secops SOAR do we need to allow the Ingress & Egress IP & Port : 8089 at the firewall level?
Question
Splunk cloud integartion with SecOps SOAR
+5- Bronze 1
+8- Bronze 2
Hello,
There are two supported methods, pull‑based and push‑based.
If you use the pull‑based method, you will need the following network requirement:
“Network access to Splunk API from Google SecOps to Splunk: allow traffic over port 8089.”
This method is available from the SecOps Marketplace.
Since you mentioned you are using Splunk Cloud, I think you can use the cloud‑to‑cloud native push‑based integration.
Using this method, the Splunk app performs API calls to Google SecOps to add a new case. To use this method, you need to generate a Google SecOps API key and add the Google SecOps URI in the app configuration.
There is no need to make any changes in your firewall configuration.
You can read more here:
https://docs.cloud.google.com/chronicle/docs/soar/marketplace-integrations/splunk
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.