Exabeam Site Collector for SaaS - Exabeam Site Collector

Network Ports

The table below lists Exabeam-specific ports. Communication to existing infrastructure tools (such as DNS, NTP, authentication, backup, etc.) also must be allowed.

When you whitelist a Syslog source, you may need to refer to the Site Collector's certificate authority. By default, the certificate authority is located in /etc/ssl/certs/exabeam/<InstanceID>-exa-ca.pem.

| Source | Destination | Port | Protocol | Purpose / Use Case |
|---|---|---|---|---|
| User Network | Site Collector | 22 | SSH | Command line access to host via encrypted connection |
| Log Sources | Site Collector | 514/TCP, 514/UDP, 515/TCP | Syslog | Syslog ingestion port from log sources. Unidirectional traffic. |
| All Exabeam Log Collectors | Site Collector | 9092/TCP, 9093/TCP, 8484/TCP | Agent communication (Kafka) | Destination port for Kafka-based log collectors for file, Windows events, etc. Unidirectional traffic. |
| Site Collector (On-premises and Virtual) | `<InstanceID>.beats.exabeam.com` | 8484/TCP | HTTPS | Destination port for Beats log collector agents. Unidirectional traffic. |
| Site Collector (SaaS Deployments) | `<InstanceID>.beats.exabeam.com` | 443/TCP | HTTPS | Destination port for local Beats log collector agents. Unidirectional traffic. |
| Site Collector | `<InstanceID>.connect.exabeam.com` | 443/TCP -or- 1194/TCP | TCP | OpenVPN tunnel. Warning: Do not configure more than one OpenVPN connection per site collector. Otherwise, network conflicts will occur. |
| Site Collector | Google Cloud Storage | 443/TCP | HTTPS | Data upload |
| Site Collector | Datadog Monitoring Service | 443/TCP | HTTPS | Optional monitoring |
| Site Collector | Active Directory server(s) | 389/TCP -or- 636/TCP | LDAP -or- LDAPS | Context pull and authentication |
| Site Collector | Additional log repositories (such as Splunk, QRadar, etc.) | (varies) | HTTPS | Examples: Splunk (8089/TCP), QRadar (443/TCP) |
| Site Collector | Orchestrated security products and servers | (varies) | Typically HTTPS | Example: Symantec AV (9090/TCP) |
| Site Collector | `*.agent.datadoghq.com` | 443/TCP | HTTPS | Exabeam Monitoring |
| Site Collector | `process.datadoghq.com` | 443/TCP | HTTPS | Exabeam Monitoring |
| Site Collector | `accounts.google.com` | 443/TCP | HTTPS | Google Cloud Storage/Pub-Sub |
| Site Collector | `*.googleapis.com` | 443/TCP | HTTPS | Google Cloud Storage/Pub-Sub |
| Site Collector | `accounts.googleapis.com` | 443/TCP | HTTPS | Google Cloud Storage/Pub-Sub |

Important

For Google Cloud Platform connections:

On-premises data centers must allow traffic through firewalls and proxies to accounts.google.com:443 and *.googleapis.com:443 (TCP) to access cloud services such as Cloud Storage.

Alternatively, you can use Private Google Access to connect to GCP services. For more information, see Private Google Access for on-premises hosts.
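
The following is an added example, not Exabeam code: it audits a hostname-based egress allowlist (for instance a proxy ACL export) against the Site Collector's outbound rows in the table above, treating each "-or-" row as satisfied by either port. The `INSTANCE_ID` placeholder, the `(host_pattern, port)` rule format, the function names and the sample rules are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

INSTANCE_ID = "example-instance"  # placeholder for <InstanceID>; use your own

# Outbound flows from the Site Collector, taken from the table above (SaaS row
# used for Beats). Each entry lists alternatives; an "-or-" row needs only one.
REQUIRED_EGRESS = {
    "Beats (SaaS)": [(f"{INSTANCE_ID}.beats.exabeam.com", 443)],
    "OpenVPN tunnel": [(f"{INSTANCE_ID}.connect.exabeam.com", 443),
                       (f"{INSTANCE_ID}.connect.exabeam.com", 1194)],
    "Datadog agent": [("*.agent.datadoghq.com", 443)],
    "Datadog process": [("process.datadoghq.com", 443)],
    "Google accounts": [("accounts.google.com", 443)],
    "Google APIs": [("*.googleapis.com", 443)],
    "Google accounts API": [("accounts.googleapis.com", 443)],
}


def covers(rule, dest):
    """True if allow rule (host_pattern, port) permits dest (host, port).

    A wildcard destination such as *.googleapis.com is only covered by an
    equal or broader wildcard rule, never by a single named host.
    """
    (pattern, rule_port), (host, port) = rule, dest
    return rule_port == port and fnmatchcase(host.lower(), pattern.lower())


def unmet_requirements(allow_rules):
    """Return the names of required flows that no allow rule satisfies."""
    return [name for name, alternatives in REQUIRED_EGRESS.items()
            if not any(covers(r, d) for r in allow_rules for d in alternatives)]


# Constructed sample allowlist: the Datadog agent wildcard is missing and the
# Google APIs rule is too narrow (one host instead of the wildcard).
SAMPLE_RULES = [
    (f"{INSTANCE_ID}.beats.exabeam.com", 443),
    (f"{INSTANCE_ID}.connect.exabeam.com", 1194),
    ("process.datadoghq.com", 443),
    ("accounts.google.com", 443),
    ("storage.googleapis.com", 443),
    ("accounts.googleapis.com", 443),
]

if __name__ == "__main__":
    for name in unmet_requirements(SAMPLE_RULES):
        print("MISSING:", name)
```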