
Splunk SOAR Connector to ESA

RezaFH
Level 1

Greetings,

So I want to try to add Splunk SOAR to the get_report action (ref: https://github.com/splunk-soar-connectors/ciscoesa/blob/main/README.md) to my ESA prod to get additional reports to SOC but am facing some connectivity issues. 

Connection failed. Error string: 'HTTPSConnectionPool(host='10.xx.xx.xx', port=6443): Max retries exceeded with URL: /esa/api/v2.0/health (caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f549de8ed90>, 'Connection to 10.xx.xx.xx timed out. (connect timeout=60)'))'
Test Connectivity Failed. No action executions found.

I've already checked with my firewall team; the traffic has been allowed, but the traffic is seen as incomplete from ESA, and I continue to check. I've enabled AsyncOS API HTTPS using port 6443 and am still facing the same error. Am I missing something here?

1 Reply

Make sure it's using https.
Make sure it either trusts the certificate (e.g. Splunk has the root that cert came from), or doesn't verify the certificate that's on your 6443 endpoint.
You may want to test it with something like Postman or even curl
The dots for authorization is the text : and then base64 encoded (you can do it with Notepad++)
curl --location 'https://esa1.domain.com:6443/esa/api/v2.0/health' --header 'Authorization: ******' --data ''
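
Added example, not part of the original thread or of the Splunk SOAR connector: a staged probe that reports which layer fails first, the TCP connect (the ConnectTimeoutError in the question) or the certificate check mentioned in the reply. The function name `probe`, the stage labels and the hint text are assumptions of this example.

```python
import socket
import ssl
import sys

# What each stage label (names chosen for this example) says about the path.
HINTS = {
    "tcp_timeout": "TCP handshake never completed: SYN or SYN-ACK dropped, or no return route",
    "tcp_refused": "a RST came back: port closed on the host or reset by a device in the path",
    "tcp_error": "local or routing error before the handshake",
    "tls_cert_untrusted": "TCP works; the client does not trust the server certificate",
    "tls_error": "TCP works; the peer did not complete a TLS handshake",
    "ok": "TCP and verified TLS both succeed; remaining failures are HTTP or auth",
}

def probe(host, port, timeout=5.0, cafile=None):
    """Return (stage, detail) for the first layer that fails, or ("ok", TLS version)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_timeout", f"no answer within {timeout}s")
    except ConnectionRefusedError as exc:
        return ("tcp_refused", str(exc))
    except OSError as exc:
        return ("tcp_error", str(exc))
    # cafile=None uses the system trust store; pass the issuing root to test a private CA.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls_cert_untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_error", str(exc))
    finally:
        sock.close()

if __name__ == "__main__" and len(sys.argv) == 3:
    stage, detail = probe(sys.argv[1], int(sys.argv[2]))
    print(f"{stage}: {detail}\n  -> {HINTS[stage]}")
```

Run it from the SOAR host itself with the ESA address and port 6443 as arguments, since a test from any other machine exercises a different network path.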