Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About SplkhdA_1
SplkhdA_1
Engager
Member since:
08-14-2024
09-02-2024
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 08-14-2024 |
Activity Feed
- Karma Re: I can't connect Splunk SOAR to Splunk Enterprise Security for PickleRick. 09-01-2024 01:45 PM
- Posted Re: I can't connect Splunk SOAR to Splunk Enterprise Security on Splunk SOAR. 09-01-2024 01:19 PM
- Posted Re: I can't connect Splunk SOAR to Splunk Enterprise Security on Splunk SOAR. 09-01-2024 08:31 AM
- Posted Re: I can't connect Splunk SOAR to Splunk Enterprise Security on Splunk SOAR. 09-01-2024 08:07 AM
- Posted Re: I can't connect Splunk SOAR to Splunk Enterprise Security on Splunk SOAR. 09-01-2024 03:09 AM
- Posted Re: I can't connect Splunk SOAR to Splunk Enterprise Security on Splunk SOAR. 08-31-2024 11:53 AM
- Posted Re: I can't connect Splunk SOAR to Splunk Enterprise Security on Splunk SOAR. 08-29-2024 02:58 PM
- Posted I can't connect Splunk SOAR to Splunk Enterprise Security on Splunk SOAR. 08-29-2024 02:33 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
09-01-2024
01:19 PM
yes, I can not connect to 8089 port from Soar machine to splunk enterprise machine with using CLI(telnet/netcat/curl/openssl). I scanned 8089 port with using nmap and It says refused the connection. I think it might be an issue with the Azure platform. The Virtual Machine(CentOS) might be refusing to connect to the external network and this might be related to azure. I will contact Azure support team.
... View more
09-01-2024
08:31 AM
I couldn't find any selinux blocking in the audit logs. I disabled it for testing anyway but nothing changed.
... View more
09-01-2024
08:07 AM
Yes. I can connect to Splunk from SOAR machine. in linux now firewalld works with splunk phantom. It never occurred to me to check SELinux. It works in Enforcing mode, but I don't understand what exactly is the effect on SOAR. Would it be appropriate to disable it or put it in Permissive mode?
... View more
09-01-2024
03:09 AM
Hello. Splunk can now listen to all ports related to itself. I have no problems connecting to other services on the mac. I gave splunk full permission for incoming connections in the firewall on Mac. Unfortunately, it does not happen despite this. Either I am missing a very simple point or there is a bug in the soar program for centOS 8 and I will wait for the next update :))
... View more
08-31-2024
11:53 AM
Hello again. I made sure that my centOS computer with Splunk SOAR installed and my MAC computer with Splunk Enterprise installed are on the same network. CentOS is installed on azure. I enabled my Mac computer to access the azure network with Virtual Network Gateway. CentOS and Mac computers can ping each other but I can't access port 8089. Do I need to do something with splunk enterprise for this?
... View more
08-29-2024
02:58 PM
Actually I did what you said. I asked this question to the community to make sure I was doing it right, maybe I was missing something. SOAR is installed on centos 8.5 operating system. I couldn't install openvpn on this OS. I rented another virtual machine and installed openvpn on it. VPN machine and SOAR were on different networks again, I peered them over azure. CentOS 8.5 machine and openvpn machine were on the same network. When I connect to VPN from my computer, I can ping the centOS private IP address from my computer and get a response, there is no problem here. But Splunk SOAR still refuses to connect 😞
... View more
08-29-2024
02:33 PM
First of all, hello everyone. I have a mac computer. I installed Splunk enterprise security on this Mac M1 computer. Then I wanted to install Splunk SOAR, but I could not install it due to centos/RHEL arm incompatibility installed on the virtual machine. Then I rented a virtual machine from azure and installed Splunk SOAR there. Splunk enterprise is installed on my local network. First, I connected Splunk Enterprise to SOAR by following the instructions in this video (https://www.youtube.com/watch?v=36RjwmJ_Ee4&list=PLFF93FRoUwXH_7yitxQiSUhJlZE7Ybmfu&index=2) and test connectivity gave successful results. Then I tried to connect SOAR to Splunk Enterprise by following the instructions in this video (https://www.youtube.com/watch?v=phxiwtfFsEA&list=PLFF93FRoUwXH_7yitxQiSUhJlZE7Ybmfu&index=3), but I had trouble connecting soar to Splunk because Splunk SOAR and Splunk Enterprise Security are on different networks. In the most common example I came across, SOAR and Splunk Enterprise Security are on the same network, but they are on different networks. What should I write to the host ip here when trying to connect SOAR? What is the solution? Thanks for your help.
... View more
Labels
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-02-2024
06:54 AM
|
