×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
1var
Engager
Member since: a week ago
Monday
Community Statistics
Posts 2
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎05-07-2025
Topics I've Started
View All

Re: How to block outgoing traffic with the SOAR ap...

by in Splunk SOAR
a week ago
a week ago
It looks as if the app-functions "Submit indicator" will be able to solve this for us:  { "indicatorValue": "9.9.9.9", "indicatorType": "IpAddress", "action": "Block", "title": "Block outbound traffic to 9.9.9.9", "description": "Referanse: JIRA-XYZ", "generateAlert": true } ... View more

How to block outgoing traffic with the SOAR app fo...

by in Splunk SOAR
a week ago
a week ago
We're looking to block outgoing traffic from a specific client or group, using the Microsoft Defender for Endpoint-app. If we were to implement this ourselves using the MS api, it would be something like: POST https://api.securitycenter.microsoft.com/api/machines/{machineId}/restrict Authorization: Bearer {your_access_token} Content-Type: application/json { "action": "Block", "destination": "IP_ADDRESS_OR_DOMAIN", "protocol": "TCP", "port": "443" } However, I haven't been able to find a corresponding call in the app source code. Am I missing something, or isn't this currently supported? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
Monday