In a clustered deployment, all services are external to Splunk Phantom, and an added load balancer. If you opt to deploy services such as Splunk Enterprise or Splunk Cloud, PostgreSQL, or a file share separately from your Splunk Phantom deployment, you need to make sure that Splunk Phantom can reach those services on your network. In an unprivileged virtual machine image or AMI-based deployment, the HTTPS port is set to 9999. In an unprivileged Splunk Phantom deployment the HTTPS port is specified when you install Splunk Phantom and is a port greater than 1023. This port must be exposed to access Splunk Phantom services. HTTPS port for the web interface and REST API. Splunk Phantom redirects all HTTP requests to HTTPS. Used for administering the operating system. On a single instance on-premises deployment of Splunk Phantom where all services are contained on the same host, open these ports in addition to allowing the Endpoints for all Splunk Phantom deployments. Ports for a standalone Splunk Phantom deployment Consult the app's documentation for details. Used by some apps to update or install their PIP dependencies.Īpps might need to reach specific endpoints in order to provide their functions. Used by the MaxMind app to add visualizations for IP address geolocation results. Used to access the community playbook repository.Īccess is required if your deployment uses an alternative repository for playbooks. If your organization prefers, you can use a satellite server instead. Required to run YUM updates for operating system components and installed software packages. If you use Splunk Mobile to access Splunk Phantom on mobile devices, your Splunk Phantom deployment must be able to reach If your deployment uses a Splunk Cloud deployment instead of the embedded Splunk Enterprise instance, Splunk Phantom must be able to reach your Splunk Cloud deployment. Required for RPM upgrades and automatic app upgrades. This table shows a list of the internet endpoints that a Splunk Phantom deployment uses. Use these tables to design the firewall rules for your deployment.Įndpoints for all Splunk Phantom deployments These tables list the ports which must be open to inbound traffic and internet endpoints which must be accessible to use Splunk Phantom.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |