Exabeam Site CollectorExabeam Site Collector Guide

Table of Contents

Exabeam Site Collector Network Ports

Apply the port configurations that match your deployment. These ports are required for the Exabeam Site Collector to operate correctly. In addition, communications for deployment-specific scenarios must also be allowed.

When you whitelist a syslog source, you may need to refer to the Exabeam Site Collector's certificate authority. You can whitelist Transport Layer Security (TLS) syslogs as a source that can be whitelisted. For more information on configuring , see Configure Transport Layer Security (TLS) Syslog Ingestion.

Source

Destination

Port

Protocol

Description

All Site Collectors

DNS Server

53

DNS

DNS lookup

All Site Collectors

NTP Server

123

NTP

Time synchronization

Administrator Network

All Site Collectors

22

SSH

Administrator command line access to host via encrypted connection

Log Sources

All Site Collectors

514

or

515 (TLS)

Syslog

Collector registration and monitoring and syslog ingestion port from log sources

Unidirectional traffic

All Site Collectors

<InstanceID>.connect.exabeam.com

443

HTTPS

Exabeam Site Collector registration and monitoring

Primary Site Collector

<InstanceID>.connect.exabeam.com

443

TCP

OpenVPN tunnel for on-premises deployments

Warning

Do not configure more than one Open VPN connection per site collector and per SaaS tenant. Otherwise, network conflicts will occur.

Primary Site Collector

Domain Controller(s)

Global Catalog

389 or 636

3268 or 3269

LDAP

-or-

LDAPS

Active Directory context and administrator authentication

All Site Collector

accounts.google.com

443

HTTPS

Upload to Google Cloud Storage/Pub-Sub

All Site Collector

*.googleapis.com

or

oauth2.googleapis.com

www.googleapis.com

storage.googleapis.com

pubsub.googleapis.com

accounts.googleapis.com

443

HTTPS

Upload to Google Cloud Storage/Pub-Sub

Important

For Google Cloud Platform connections:

On-premises data centers must enable traffic on firewalls and proxies on TCP ports account.google.com:443 and *.googleapis.com:443 to access cloud services such as Cloud Storage .

Alternatively, you can use Private Google Access to connect to Google Cloud Platform services. For more information, see Private Google Access for on-premises hosts.

Additional Ports for Specific Configurations

If you are deploying additional services, review and configure appropriate ports if the following services match your environment:

Source

Destination

Port

Protocol

Description

Exabeam Log Collector

Local Site Collector

8484

HTTPS

Exabeam Log Collector registration and monitoring

Exabeam Log Collector

Local Site Collector

9092

9093

KAFKA TCP

Windows and Linux event collection using Exabeam Log Collector

Table 1. Exabeam log collectors in Windows or Linux


Source

Destination

Port

Protocol

Description

Primary Site Connector

Splunk

QRADAR

Other Log repositories/databases

8089

443

Various

HTTPS

Log collection using Site Connector to poll systems directly

Table 2. Exabeam polling for log collection


Source

Destination

Port

Protocol

Description

Primary Site Collector

Orchestrated security products and servers

Various

HTTPS

Third-party integrations

Table 3. Third-party integration