Hi @afredhussain

It looks like your Splunk Cloud instance isn't configured to allow the FortiSOAR inbound connection in its IP allow list. Check out https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/configure-your-splunk-cloud-platform-deployment/configure-ip-allow-lists-using-splunk-web for info on how to configure the allow list on your Cloud stack.

Basically, head to https://yourcloudstack.splunkcloud.com/en-US/manager/search/manage_system_config/ip_allow_list and select the "search head api" tab and add an IP range in there to cover the FortiSOAR egress IPs.

🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.
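Added example, not part of the original answer: a Python check that reports which FortiSOAR egress IPs the current "search head api" allow list does not cover and computes the narrowest CIDR ranges to add for them. The function name and all addresses are constructed for illustration (documentation ranges); substitute your real egress IPs and the subnets shown in the allow list tab.

```python
import ipaddress


def audit_allow_list(egress_ips, allow_list):
    """Return (uncovered_ips, subnets_to_add) as lists of strings.

    egress_ips: source addresses the SOAR platform connects from.
    allow_list: CIDR subnets currently present in the allow list.
    """
    nets = [ipaddress.ip_network(s, strict=False) for s in allow_list]

    uncovered = []
    for raw in egress_ips:
        addr = ipaddress.ip_address(raw.strip())
        covered = any(addr.version == n.version and addr in n for n in nets)
        if not covered:
            uncovered.append(addr)

    # Collapse the uncovered hosts into the smallest set of CIDR blocks that
    # contains exactly those addresses, so the allow list is not widened
    # beyond what the integration needs. collapse_addresses() rejects mixed
    # IP versions, so IPv4 and IPv6 are handled separately.
    to_add = []
    for version in (4, 6):
        hosts = [ipaddress.ip_network(a) for a in uncovered if a.version == version]
        to_add.extend(ipaddress.collapse_addresses(hosts))

    return [str(a) for a in uncovered], [str(n) for n in to_add]


if __name__ == "__main__":
    # Constructed sample data (RFC 5737 documentation ranges).
    soar_egress = ["198.51.100.10", "198.51.100.11", "203.0.113.7"]
    current_allow_list = ["203.0.113.0/29"]

    missing, add = audit_allow_list(soar_egress, current_allow_list)
    print("Not covered by allow list:", missing)
    print("Subnets to add:", add)
```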