You must have an active Sandfly Security account in order to trigger actions. The account must also have an active license with the Splunk Connector feature activated. The configuration below will require your Sandfly Security Server portal URL and a username and password that can trigger the actions or retrieve the information.
The app uses HTTP/ HTTPS protocol for communicating with the Sandfly Security server. Below are the default ports used by Splunk SOAR.
Service Name | Transport Protocol | Port |
---|---|---|
http | tcp | 80 |
https | tcp | 443 |