Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

OTM: Pre-install-Port Requirements

Owned by Customer Success & Engineering (Unlicensed)
Last updated: Apr 28, 2023
1 min read



Overview

 

Before proceeding for any device configuration following ports need to be allowed from the firewall so that the communication between CCE and device can be established

 

Ports required to be opened in the network

Source

TCP / UDP Port No.

Communication Pupose

Destination

 

APE

TCP

80

HTTP

Threat Feed Download

Internet

8444

HTTPS

Yum Update

TCP/UDP

43

WHOIS

For domain resolutions

TCP/UDP

123

NTP

Time Synchronization

NTP Server *

TCP

25/465/587

SMTP/+SSL

For Email Notifications

SMTP Server *

TCP/UDP

53

DNS

For DNS query

DNS Server *

TCP

5000

EDR Server Config

Policies and Remediation

EDR Server

TCP

9090

 

LTS API server

LTS Server

5701

 

LTS Kibana

 

CCE
(Upto ver 8.3.2)

TCP

22 or Custom Port

SSH

Logs & flows ingestion

APE

CCE
(Above ver 9.0.2)

TCP

8443

HTTPS

CCE
(All versions)

TCP

9092

KAFKA

TCP

2181

TCP

22 or Custom Port

SSH / SFTP

Raw Logs

LTS

TCP

8444

HTTPS

Yum Update

Internet

TCP

22 or Custom Port

SSH

Remediation

Windows Collector

TCP

443

HTTPS

Remediation

Firewalls

TCP/UDP

123

NTP

Time Synchronization

NTP Server *

TCP/UDP

53

DNS

For DNS query by logstash

DNS Server *

TCP

443

HTTPS

Audit Logs

Office365

AD Logs

Azure AD

NSG Logs

Azure

Activity Logs

 

EDR

TCP

22 or Custom Port

SSH

EDR Logs

APE

TCP

443 or Custom Port

HTTPS

Logs and Remediation

Bi-directional between EDR server and Agents

 

User PC

TCP

80/443

HTTP/HTTPS

OTM UI

APE

TCP

22

SSH

Remote login to OTM Server

 

Windows Collector (NXLog)

TCP

5985

HTTP

Windows Events Subscription

Windows(AD/Desktop)

UDP

5154

JSON

Windows logs in JSON

CCE

NXLog

UDP

514

Syslog

Syslog (MS Exchange, DNS, DHCP)

Routers

UDP

9995

Netflow v5/v9/IPFIX

Netflow

Switches

UDP

6343

Sflow

Sflow

Firewalls

UDP

9995

Netflow v5/v9/IPFIX

Netflow

UDP

514

Syslog

Firewall Logs

Servers

UDP

514

Syslog

Application Logs

 

OpenAPI

TCP

22

SSH

 

MTMT

TCP

443

HTTPS

TCP

443

HTTPS

ALL APE

  • Server could be installed in the Local network or may be pointing to an Internet public host.

  • If APE is hosted at Seceon DC, the CCE Server will forward logs to APE using SSH Port which could be a customs port as well. 



 

Seceon Inc. All rights reserved. https://www.seceon.com