I have a request for an alert in Splunk Cloud to run a script whenever triggered. The issue is that due to networking rules, I cannot open up the firewall from SC to my device that needs the script. I do have an open connection from SC to my Heavy Forwarder and my HF can access my device. So my question is, is there a way for an alert to be triggered on SC and something be sent to my HF to run the necessary script?
The only way I know of to do this is to set up hybrid search, where a search head (the heavy forwarder?) is on-premises and is able to search your Splunk Cloud indexers. The alert can then be set up on-prem, so it has access to the data needed to trigger it and also has access to your device in order to run the script. That being said, this does require Splunk Support/Ops to set it up.
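As an added illustration of the arrangement the answer describes (not configuration posted by either participant), here is what the alert definition could look like on the on-premises search head once Splunk Support has enabled hybrid search against the Splunk Cloud indexers. The stanza name, the `index=auth sourcetype=linux_secure` search, the app directory and the script name `notify_device.sh` are all assumed placeholders; only the `savedsearches.conf` keys are real Splunk settings.

```conf
# savedsearches.conf in a hypothetical app on the on-prem search head.
# Assumption: this search head is part of a hybrid search setup, so the
# search below runs against data held in the Splunk Cloud indexers.
[device_failed_logins]
search = index=auth sourcetype=linux_secure "Failed password" | stats count by src
cron_schedule = */5 * * * *
enableSched = 1
dispatch.earliest_time = -5m
dispatch.latest_time = now
# Fire when the scheduled search returns at least one result.
counttype = number of events
relation = greater than
quantity = 0
# Scripted alert action: the script is placed in $SPLUNK_HOME/bin/scripts/
# on the search head and runs there as the splunk user, so it is this host,
# not Splunk Cloud, that needs network reachability to the device.
action.script = 1
action.script.filename = notify_device.sh
```

Because the script executes on the on-prem search head with the privileges of the Splunk service account, keep it minimal and limit that account (and the firewall rule from the search head to the device) to exactly what the notification needs. Splunk has deprecated scripted alert actions in favour of custom alert actions, so on a current release the same idea is expressed as a custom alert action installed on the on-prem search head; the placement and reachability requirement are the same either way.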