06-26-2023 08:32 AM - edited 06-26-2023 08:34 AM
Hello Community,
I am facing an issue while trying to integrate XSOAR Cortex with Splunk SIEM. I have followed the necessary steps, including providing the IP address of the Splunk SIEM, my username, and password for the SIEM account. Additionally, I have left the port at the default value, which is 8089. However, when I click on the "Test" button to initiate the integration, the request times out, and I receive an error message.
I have checked the network connectivity, verified the credentials, and ensured that the correct port is open. Despite these efforts, the integration test continues to fail with a timeout error.
Has anyone else encountered a similar issue during the integration of XSOAR Cortex with Splunk SIEM? Any insights or suggestions on how to resolve this problem would be greatly appreciated.
Thank you in advance for your assistance!
Best regards,
Fabio
06-27-2023 06:30 AM
You appear to be using the IP address directly instead of the FQDN; what happens if you actually utilize the FQDN so that the certificate is actually valid? Additionally, ensure that you don't have an 'allow list' configured on the Splunk cloud platform for limiting access to the search head API by looking at the Search head allow list group. A brief poke and it looks like your Splunk admin has this limited.
06-28-2023 08:02 AM
I have followed the suggested steps by inserting the FQDN and conducted a SIEM-side check to ensure there are no restrictions in place. However, we are still experiencing timeout issues. The service is open on port 8191, but for the sake of thoroughness, we have also tried using other ports: 8000, 8098, and 8443. Unfortunately, we are encountering the same result. What could we be missing in this scenario?
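Added example (not part of any post in this thread, and not Palo Alto Networks or Splunk code): a Python probe that separates the failure stages discussed above. A timeout during the TCP connect means packets are being dropped on the path (firewall, allow list, routing), whereas a certificate that does not match the address used fails later, as a TLS verification error rather than a timeout. The hostname `splunk.example.com` is a placeholder, and 8089 is the port named in the original post.

```python
import socket
import ssl
import sys


def probe(host, port=8089, timeout=5.0):
    """Try TCP, then verified TLS, and return (stage, detail)."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No answer at all: packets are being dropped on the path
        # (firewall, allow list, routing), not rejected by the service.
        return "tcp_timeout", "no reply to connection attempt"
    except ConnectionRefusedError:
        return "tcp_refused", "host reachable, nothing listening on port"
    except OSError as exc:  # DNS failure, unreachable network, ...
        return "tcp_error", str(exc)
    with raw:
        ctx = ssl.create_default_context()  # checks chain and hostname
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.version()
        except ssl.SSLCertVerificationError as exc:
            # e.g. an IP address used where the certificate names the FQDN
            return "tls_cert", exc.verify_message
        except socket.timeout:
            return "tls_timeout", "port open, but no TLS answer"
        except OSError as exc:  # includes the remaining ssl.SSLError cases
            return "tls_error", str(exc)


def diagnose(host, ports=(8089,), timeout=5.0):
    """Probe each port and return {port: (stage, detail)}."""
    return {p: probe(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # splunk.example.com is a placeholder; pass the real FQDN as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "splunk.example.com"
    for port, (stage, detail) in diagnose(target).items():
        print(f"{target}:{port} -> {stage}: {detail}")
```

Run it from the host where the XSOAR server or engine executes the integration, since that is the source address the Splunk side sees.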