Security

Splunk release for exit on the internet

erlindemberg
Explorer

Folks,

I would like some help from you. Here in the company where I work, Splunk has no way out to the internet.

After a lot of conversation, I managed to convince the client to allow the tool to access the internet.

However, access is partially working.
Today I can install a new app through Splunk web, but I can't update an app already installed.

The firewall team asked me for the Splunk domains to release.

Below is the list I gave them:

I would like to know if there is any other domain whose release I should request.

- url = https://splunkbase.splunk.com/api/apps
- loginUrl = https://splunkbase.splunk.com/api/account:login/
- detailsUrl = https://splunkbase.splunk.com/apps/id
- updateHost = https://splunkbase.splunk.com
- updatePath = /api/apps:resolve/checkforupgrade
- https://telefonica.threatconnect.com/api

1 Solution

nickhills
Ultra Champion

The fact that you are giving them URLs, and not hosts, suggests that this is not a layer 3 firewall, so you may find that traffic is also being proxied.

If that is the case, you may also need SSL bypass added for those domains, as the MITM SSL inspection out of the box on devices "like" Blue Coat and Palo Alto will fail the TLS verification Splunk performs when accessing splunk.com sites.

If my comment helps, please give it a thumbs up!
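An added example, not part of the original thread and not Splunk's own code: a Python sketch that reduces the URL list from the question to the host and port pairs a firewall rule needs, then checks whether each host's certificate chain validates, which is the check that fails behind an inspecting proxy. It assumes Python 3.7+ on the Splunk server, direct or transparently proxied egress, and the interpreter's default trust store (which may differ from the CA bundle Splunk uses); all function names are illustrative.

```python
import socket
import ssl
from urllib.parse import urlsplit

# URLs copied from the list in the question (updatePath is relative to updateHost).
ALLOWLIST_ENTRIES = [
    "https://splunkbase.splunk.com/api/apps",
    "https://splunkbase.splunk.com/api/account:login/",
    "https://splunkbase.splunk.com/apps/id",
    "https://splunkbase.splunk.com",
    "https://telefonica.threatconnect.com/api",
]

def firewall_targets(urls):
    """Reduce URLs to the unique (host, port) pairs a layer 3/4 rule needs."""
    targets = []
    for url in urls:
        parts = urlsplit(url)
        pair = (parts.hostname, parts.port or {"https": 443, "http": 80}[parts.scheme])
        if pair not in targets:
            targets.append(pair)
    return targets

def flatten_name(rdns):
    """Turn the nested issuer tuples returned by getpeercert() into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def verdict(verify_message, issuer):
    """Summarise a handshake; verify_message is None when the chain validated."""
    if verify_message:
        return "FAIL (%s): chain not trusted here, possible TLS inspection" % verify_message
    return "OK, issued by %s" % issuer.get("organizationName", "unknown")

def probe(host, port, timeout=5):
    """Handshake with full verification, as a TLS-verifying client would."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return verdict(None, flatten_name(tls.getpeercert()["issuer"]))
    except ssl.SSLCertVerificationError as exc:
        return verdict(exc.verify_message, {})
    except OSError as exc:  # refused, timed out, DNS failure, other TLS errors
        return "BLOCKED or unreachable: %s" % exc

if __name__ == "__main__":
    for host, port in firewall_targets(ALLOWLIST_ENTRIES):
        print("%s:%d -> %s" % (host, port, probe(host, port)))
```

An "OK" line that names the proxy vendor or an internal CA as issuer, rather than a public CA, also indicates that inspection is in place for that host.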

nyc_jason
Splunk Employee

As an alternative, if you can go directly to splunkbase and download the app to a local machine in your network, you can then install it through the GUI on your Splunk Instance from within your company network.


erlindemberg
Explorer

I do this, but I would like to solve this problem.


richgalloway
SplunkTrust

Installing and updating apps use the same site. What error do you get when you try to update?

---
If this reply helps you, Karma would be appreciated.

erlindemberg
Explorer

That's the message I get as a splunk horse:

The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running. Click here to return to Splunk homepage.
