This port is also used by warm standby configurations for PostgreSQL streaming replication. See About Splunk Phantom clusters in Install and Upgrade Splunk Phantom. In a clustered Splunk Phantom deployment, each Splunk Phantom node must be able to reach the PostgreSQL database. If you choose to use an external PostgreSQL database instead, you must make sure that Splunk Phantom can reach the database on your network. Used for the universal forwarder to either forward or direct the indexers. A single instance, on-premises deployment of Splunk Phantom uses a local instance of a PostgreSQL database. Used for the REST endpoint to send information to the Splunk instances. Used as the HTTP Event Collector (HEC) and provides searching capabilities. If you are using the non-embedded version of Splunk Enterprise, open these ports on each Splunk Phantom node. Required ports for non-embedded Splunk Enterprise Can be blocked on the Shared Services server if using an alternate Splunk Enterprise server. Splunk Enterprise server HTTP Event Collector (HEC) service. Open these ports on each Splunk Phantom node for embedded Splunk cluster configuration. Required ports for embedded Splunk Enterprise See Example: Splunk Phantom cluster for a diagram of a Splunk Phantom cluster. In a clustered deployment, all services are external to Splunk Phantom, and an added load balancer. If you opt to deploy services such as Splunk Enterprise or Splunk Cloud, PostgreSQL, or a file share separately from your Splunk Phantom deployment, you need to make sure that Splunk Phantom can reach those services on your network. In an unprivileged virtual machine image or AMI-based deployment, the HTTPS port is set to 9999. In an unprivileged Splunk Phantom deployment the HTTPS port is specified when you install Splunk Phantom and is a port greater than 1023. This port must be exposed to access Splunk Phantom services. HTTPS port for the web interface and REST API.
Splunk Phantom redirects all HTTP requests to HTTPS. Used for administering the operating system. On a single instance on-premises deployment of Splunk Phantom where all services are contained on the same host, open these ports in addition to allowing the Endpoints for all Splunk Phantom deployments. Ports for a standalone Splunk Phantom deployment Consult the app's documentation for details. Used by some apps to update or install their PIP dependencies. Apps might need to reach specific endpoints in order to provide their functions. Used by the MaxMind app to add visualizations for IP address geolocation results. Used to access the community playbook repository. Access is required if your deployment uses an alternative repository for playbooks. If your organization prefers, you can use a satellite server instead. Required to run YUM updates for operating system components and installed software packages. If you use Splunk Mobile to access Splunk Phantom on mobile devices, your Splunk Phantom deployment must be able to reach If your deployment uses a Splunk Cloud deployment instead of the embedded Splunk Enterprise instance, Splunk Phantom must be able to reach your Splunk Cloud deployment. Required for RPM upgrades and automatic app upgrades. This table shows a list of the internet endpoints that a Splunk Phantom deployment uses. Use these tables to design the firewall rules for your deployment. Endpoints for all Splunk Phantom deployments These tables list the ports which must be open to inbound traffic and internet endpoints which must be accessible to use Splunk Phantom.