Security

Splunk release for exit on the internet

erlindemberg
Explorer

Folks,

I would like some help from you. Here in the company where I work, Splunk has no way out to the internet.

After a lot of conversation, I managed to convince the client to allow the tool to access the internet.

However, access is partially working.
Today I can install a new app through Splunk web, but I can't update an app already installed.

The firewall team asked me for the Splunk domains for release.

Below is the list I gave them:

I would like to know if there is any other domain that I should request the release.

- url = https://splunkbase.splunk.com/api/apps
- loginUrl = https://splunkbase.splunk.com/api/account:login/
- detailsUrl = https://splunkbase.splunk.com/apps/id
- updateHost = https://splunkbase.splunk.com
- updatePath = /api/apps:resolve/checkforupgrade
- https://telefonica.threatconnect.com/api

0 Karma

nickhills
Ultra Champion

The fact that you are giving them URLs, and not hosts, suggests that this is not a layer 3 firewall, so you may find that traffic is also being proxied.

If that is the case, you may also need SSL bypass added for those domains, as the MITM SSL inspection out of the box on devices "like" Blue Coat and Palo Alto will fail the TLS verification Splunk performs when accessing splunk.com sites.

If my comment helps, please give it a thumbs up!
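To hand the firewall team hosts rather than URLs, and to see whether TLS inspection sits in the path as the answer above describes, the following is an added example (not code from the thread or from Splunk). It verifies against the system trust store, which is an assumption and may differ from the trust store Splunk itself uses; the function names are illustrative.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample input: the list from the question, one setting per line.
SETTINGS = """\
url = https://splunkbase.splunk.com/api/apps
loginUrl = https://splunkbase.splunk.com/api/account:login/
detailsUrl = https://splunkbase.splunk.com/apps/id
updateHost = https://splunkbase.splunk.com
updatePath = /api/apps:resolve/checkforupgrade
https://telefonica.threatconnect.com/api
"""

def endpoints(text):
    """Reduce 'key = URL' or bare-URL lines to unique (host, port) pairs."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        parts = urlsplit((value if sep and "://" not in key else line).strip())
        if parts.scheme != "https" or not parts.hostname:
            continue  # updatePath is a path on updateHost, not another host
        pair = (parts.hostname, parts.port or 443)
        if pair not in pairs:
            pairs.append(pair)
    return pairs

def issuer_org(cert):
    """Issuer organisation from an ssl.getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == "organizationName":
                return value
    return None

def probe(host, port=443, timeout=5):
    """TLS handshake with certificate verification; returns (status, detail)."""
    ctx = ssl.create_default_context()  # assumption: system trust store
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("verified", issuer_org(tls.getpeercert()))
    except ssl.SSLCertVerificationError as exc:
        return ("verify-failed", exc.verify_message)  # e.g. untrusted inspection CA
    except OSError as exc:
        return ("unreachable", str(exc))  # blocked, reset, timeout, other TLS error

if __name__ == "__main__":
    for host, port in endpoints(SETTINGS):
        print(host, port, *probe(host, port))
```

Run from the Splunk server, a "verified" result whose issuer organisation is your proxy vendor or your own company means the certificate was re-signed in transit, and those hosts are candidates for the SSL bypass list.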

jschogel_splunk
Splunk Employee

As an alternative, if you can go directly to splunkbase and download the app to a local machine in your network, you can then install it through the GUI on your Splunk Instance from within your company network.

0 Karma

erlindemberg
Explorer

I do this, but I would like to solve this problem.

0 Karma

richgalloway
SplunkTrust

Installing and updating apps use the same site. What error do you get when you try to update?

---
If this reply helps you, an upvote would be appreciated.

erlindemberg
Explorer

That's the message I get as a splunk horse:

The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running. Click here to return to Splunk homepage.

0 Karma