Requirements

Software requirements

Splunk platform

Python

The add-on requires Python 3.9 or later. Splunk Enterprise 9.3+ ships with Python 3.9; Splunk 10.2+ ships with Python 3.13.

Network requirements

Outbound connectivity

The add-on requires HTTPS (port 443) access to the Whisper Security API:

Proxy support: If your Splunk server does not have direct internet access, configure an HTTP/HTTPS/SOCKS5 proxy in Configuration > Settings > Proxy URL.

Firewall rules

Allow outbound HTTPS (TCP 443) from:

• Search heads -- for search commands (whisperlookup, whisperquery, whisperschema)
• Search heads -- for modular inputs (health check, baseline, threat intel, watchlist)

No inbound connectivity is required. The add-on does not open any listening ports.

API key requirements

Get a free API key at console.whisper.security.

Tip: You can install and test the add-on without an API key using the Anonymous plan. The whisperlookup and whisperquery commands work with Anonymous access, but some macros (whisper_cname_chain, whisper_spf_chain) require higher plan tiers due to traversal depth requirements.

Splunk Cloud requirements

The add-on passes Splunk AppInspect with zero failures for both precert and cloud tag sets. Cloud-specific requirements that are already met:

• All credentials stored via storage/passwords (encrypted)
• No hardcoded file paths (uses $SPLUNK_HOME environment variable)
• No prohibited .conf files (outputs.conf, authentication.conf, etc.)
• No reserved port usage
• No shebang lines in Python files
• No exec(), eval(), or shell execution
• Uses sc_admin role (not admin) for Cloud compatibility
• SSL/TLS verification enabled on all network calls

Next steps

• Installation -- Install the add-on
• Configuration -- Set up your API key and connection settings