Ports required to be opened in the network

| Source | TCP / UDP | Port No. | Protocol | Communication Purpose | Destination |
|---|---|---|---|---|---|
| APE | TCP | 80 | HTTP | Threat Feed Download | Internet |
| | | 8444 | HTTPS | Yum Update | |
| | TCP/UDP | 43 | WHOIS | For domain resolutions | |
| | TCP/UDP | 123 | NTP | Time Synchronization | NTP Server * |
| | TCP | 25/465/587 | SMTP/+SSL | For Email Notifications | SMTP Server * |
| | TCP/UDP | 53 | DNS | For DNS query | DNS Server * |
| | TCP | 5000 | EDR Server Config | Policies and Remediation | EDR Server |
| | TCP | 9090 | | LTS API server | LTS Server |
| | | 5701 | | LTS Kibana | |
| CCE | TCP | 22 or Custom Port | SSH | Logs & flows ingestion | APE |
| CCE | TCP | 8443 | HTTPS | | |
| CCE | TCP | 9092 | KAFKA | | |
| | TCP | 2181 | | | |
| | TCP | 22 or Custom Port | SSH / SFTP | Raw Logs | LTS |
| | TCP | 8444 | HTTPS | Yum Update | Internet |
| | TCP | 22 or Custom Port | SSH | Remediation | Windows Collector |
| | TCP | 443 | HTTPS | Remediation | Firewalls |
| | TCP/UDP | 123 | NTP | Time Synchronization | NTP Server * |
| | TCP/UDP | 53 | DNS | For DNS query by logstash | DNS Server * |
| | TCP | 443 | HTTPS | Audit Logs | Office365 |
| | | | | AD Logs | Azure AD |
| | | | | NSG Logs | Azure |
| | | | | Activity Logs | |
| EDR | TCP | 22 or Custom Port | SSH | EDR Logs | APE |
| | TCP | 443 or Custom Port | HTTPS | Logs and Remediation | Bi-directional between EDR server and Agents |
| User PC | TCP | 80/443 | HTTP/HTTPS | OTM UI | APE |
| | TCP | 22 | SSH | Remote login to OTM Server | |
| Windows Collector (NXLog) | TCP | 5985 | HTTP | Windows Events Subscription | Windows (AD/Desktop) |
| | UDP | 5154 | JSON | Windows logs in JSON | CCE |
| NXLog | UDP | 514 | Syslog | Syslog (MS Exchange, DNS, DHCP) | |
| Routers | UDP | 9995 | Netflow v5/v9/IPFIX | Netflow | |
| Switches | UDP | 6343 | Sflow | Sflow | |
| Firewalls | UDP | 9995 | Netflow v5/v9/IPFIX | Netflow | |
| | UDP | 514 | Syslog | Firewall Logs | |
| Servers | UDP | 514 | Syslog | Application Logs | |
| OpenAPI | TCP | 22 | SSH | | MTMT |
| | TCP | 443 | HTTPS | | |
| | TCP | 443 | HTTPS | | ALL APE |