Firewall rules.md

Splunk Common Network Ports

This is a diagram of Splunk components and network ports that are commonly used in a Splunk Enterprise environment. Firewall rules often need to be updated to allow communication on ports 8000, 8089, 9997, 8080 and 514.

[Diagram: Ports]

Threat Intelligence Sources

https://s3.amazonaws.com/alexa-static/top-1m.csv.zip
https://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
http://hailataxii.com/taxii-data
https://list.iblocklist.com/?list=logmein
https://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb
https://list.iblocklist.com/?list=bt_proxy
https://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw
https://list.iblocklist.com/?list=bt_spyware
https://list.iblocklist.com/?list=tor
https://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag
https://data.iana.org/TLD/tlds-alpha-by-domain.txt
https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
https://publicsuffix.org/list/effective_tld_names.dat
https://data.phishtank.com/data/online-valid.csv.gz
https://isc.sans.edu/block.txt

CrowdStrike

https://api.us-2.crowdstrike.com
https://firehose.us-2.crowdstrike.com
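
The outbound side of these rules can be derived from the URL lists above. The following is an added example, not part of the original file: it collapses the listed URLs into the unique host and port pairs an egress allowlist needs, and can probe each one over TCP from the host that will fetch the feeds. The function names `egress_targets` and `probe` are hypothetical, and the probe assumes a direct connection rather than a proxy.

```python
import socket
from urllib.parse import urlsplit

# URLs copied from the two lists above (threat intelligence sources, CrowdStrike).
SOURCES = """
https://s3.amazonaws.com/alexa-static/top-1m.csv.zip
https://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
http://hailataxii.com/taxii-data
https://list.iblocklist.com/?list=logmein
https://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb
https://list.iblocklist.com/?list=bt_proxy
https://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw
https://list.iblocklist.com/?list=bt_spyware
https://list.iblocklist.com/?list=tor
https://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag
https://data.iana.org/TLD/tlds-alpha-by-domain.txt
https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
https://publicsuffix.org/list/effective_tld_names.dat
https://data.phishtank.com/data/online-valid.csv.gz
https://isc.sans.edu/block.txt
https://api.us-2.crowdstrike.com
https://firehose.us-2.crowdstrike.com
""".split()
DEFAULT_PORTS = {"http": 80, "https": 443}

def egress_targets(urls):
    """Collapse URLs into the unique (host, port) pairs to allow outbound."""
    targets = set()
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError(f"unsupported URL: {url}")
        targets.add((parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]))
    return sorted(targets)

def probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for host, port in egress_targets(SOURCES):
        state = "reachable" if probe(host, port) else "blocked or unreachable"
        print(f"{host}:{port}\t{state}")
```

Only `hailataxii.com` is listed over plain HTTP, so it is the one destination that needs port 80 rather than 443.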