Security

Splunk TV: Firewall Rules to connect Apple TV + Splunk TV app to Splunk Cloud Gateway / Cloud Bridge

st4ple
Path Finder

I'm trying to get Splunk TV on Apple TV approved by Security in my company. The connection from the Cloud Gateway app on the SHC to the Cloud Bridge is sufficently documented here: https://docs.splunk.com/Documentation/Gateway/1.8.0/Installation/Installation, but I'm struggling to find the equivalent for the connection between the Cloud Bridge and Apple TV with the Splunk TV app on it.

What I'm trying to find out is what connections on which port(s) I need to open in the Firewall for Apple TV and the Splunk TV app to work.

Does anyone have more details here? Perhaps from your own attempts of getting Splunk TV on Apple TV approved?

0 Karma
1 Solution

FrankVl
Ultra Champion

Looking at outbound network traffic from my AppleTV around the time I had the Splunk TV app open, it is only connecting out on port 443 it seems.

Bit hard to pinpoint to which hosts, but I do see one of the IPs belonging to prod.spacebridge.spl.mobi showing up. Combining that with the mouse over text on that image in the docs, it seems 443 to prod.spacebridge.spl.mobi is all you need, both for the connection between splunk and the cloud bridge as well as from the appletv/mobile devices to the cloud bridge.

View solution in original post

FrankVl
Ultra Champion

Looking at outbound network traffic from my AppleTV around the time I had the Splunk TV app open, it is only connecting out on port 443 it seems.

Bit hard to pinpoint to which hosts, but I do see one of the IPs belonging to prod.spacebridge.spl.mobi showing up. Combining that with the mouse over text on that image in the docs, it seems 443 to prod.spacebridge.spl.mobi is all you need, both for the connection between splunk and the cloud bridge as well as from the appletv/mobile devices to the cloud bridge.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...