Integration Issue - XSOAR Cortex and Splunk SIEM

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Integration Issue - XSOAR Cortex and Splunk SIEM

L0 Member

Hello Community,

 

I am facing an issue while trying to integrate XSOAR Cortex with Splunk SIEM. I have followed the necessary steps, including providing the IP address of the Splunk SIEM, my username, and password for the SIEM account. Additionally, I have left the port at the default value, which is 8089. However, when I click on the "Test" button to initiate the integration, the request times out, and I receive an error message.

 

I have checked the network connectivity, verified the credentials, and ensured that the correct port is open. Despite these efforts, the integration test continues to fail with a timeout error.

 

error message test integration.png

 

Has anyone else encountered a similar issue during the integration of XSOAR Cortex with Splunk SIEM? Any insights or suggestions on how to resolve this problem would be greatly appreciated.

 

Thank you in advance for your assistance!

 

Best regards,
Fabio

2 REPLIES 2

Cyber Elite
Cyber Elite

@fbertinelli691,

You appear to be using the IP address directly instead of the FQDN, what happens if you actually utilize the FQDN so that the certificate is actually valid? Additionally ensure that you don't have an 'allow list' configure on the Splunk cloud platform for limiting access to the search head API by looking at the Search head allow list group. A brief poke and it looks like your Splunk admin has this limited. 

I have followed the suggested steps by inserting the FQDN and conducted a SIEM-side check to ensure there are no restrictions in place. However, we are still experiencing timeout issues. The service is open on port 8191, but for the sake of thoroughness, we have also tried using other ports: 8000, 8098, and 8443. Unfortunately, we are encountering the same result. What could we be missing in this scenario?Untitled.png

  • 848 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!