Appendix A. Network Ports
The table below shows all the ports that Exabeam either connects to or receives connections from. Ensure these ports are configured appropriately for data and communications traversal.
Service | Hosts | Port | TCP | UDP |
---|---|---|---|---|
SSH | All Cluster Hosts | 22 | ✓ | |
BGP | All Cluster Hosts | 179 | ✓ | |
Exabeam Web UI (HTTPS) | All Cluster Hosts | 8484 | ✓ | |
Docker | All Cluster Hosts | 2376 | ✓ | |
Docker | All Cluster Hosts | 2377 | ✓ | |
Docker | All Cluster Hosts | 4789 | ✓ | |
Docker | All Cluster Hosts | 7946 | ✓ | ✓ |
Docker Registry | Master Host | 5000 | ✓ | |
Kafka Connector | All Cluster Hosts | 8083 | ✓ | |
Kafka | All Cluster Hosts | 9092 | ✓ | |
Kafka | All Cluster Hosts | 9093 | ✓ | |
Kafka | All Cluster Hosts | 9094 | ✓ | |
MongoDB | All Cluster Hosts | 27017 | ✓ | |
MongoDB | All Cluster Hosts | 27018 | ✓ | |
MongoDB | All Cluster Hosts | 27019 | ✓ | |
Hadoop | All Cluster Hosts | 9000 | ✓ | |
Hadoop | All Cluster Hosts | 50010 | ✓ | |
Hadoop | All Cluster Hosts | 50020 | ✓ | |
etcd | First 1 or 3 nodes up to highest odd number | 2379 | ✓ | |
etcd | First 1 or 3 nodes up to highest odd number | 2380 | ✓ | |
Ping | All Cluster Hosts | ICMP | | |
Elastalert | All Cluster Hosts | 3030 | ✓ | |
Disaster Recovery Socks Proxy | Master and Failover Hosts | 10022 | ✓ | |
NTP | Master Host | 123 | ✓ | |
DNS | All Cluster Hosts | 53 | ✓ | |
SMTP | Master and Failover Hosts | 25 | ✓ | |
SMTPS | Master and Failover Hosts | 587 | ✓ | |
Syslog Forwarder | Target Host | 514 | ✓ | ✓ |
Syslog Forwarder | All Cluster Hosts | 515 | ✓ | |
Disaster Recovery MongoDB | Master and Failover Hosts | 5123 | ✓ | |
Exabeam Coordination Service (Zookeeper) | All Cluster Hosts | 2181 | ✓ | |
Exabeam Coordination Service (Zookeeper) | All Cluster Hosts | 2888 | ✓ | |
Exabeam Coordination Service (Zookeeper) | All Cluster Hosts | 3888 | ✓ | |
Exabeam Data Lake UI | Master Host | 5601 | ✓ | |
Exabeam SOAR Metrics UI | Case Manager Host | 5850 | ✓ | |
Exabeam SOAR Server | Case Manager Host | 7999 | ✓ | |
Exabeam SOAR Server | Case Manager Host | 8097 | ✓ | |
Exabeam SOAR Server | Case Manager Host | 9998 | ✓ | |
Exabeam SOAR Server | Case Manager Host | 9999 | ✓ | |
Exabeam Advanced Analytics Engine | All Advanced Analytics Martini Hosts | 8090 | ✓ | |
Exabeam Advanced Analytics API | Master/Main Advanced Analytics Node | 8482 | ✓ | |
Exabeam Advanced Analytics UI | Master Host | 8483 | ✓ | |
Exabeam Health Agent | All Cluster Hosts | 8659 | ✓ | |
Exabeam SOAR-LEMON | Case Management Host | 8880 | ✓ | |
Exabeam SOAR-LEMON | Case Manager Host | 8888 | | |
Exabeam SOAR-LEMON | Case Management Host | 8889 | ✓ | |
Exabeam SOAR Syslog | Case Manager Host | 9875 | ✓ | ✓ |
Exabeam SOAR Action Controller | OAR Host | 9978 | ✓ | |
Exabeam Advanced Analytics Engine JMX | All Advanced Analytics Martini Hosts | 9003 | ✓ | |
Exabeam Advanced Analytics LIME JMX | All LIME Hosts | 9006 | ✓ | |
Exabeam Replicator | Master Host | 9099 | ✓ | |
Elasticsearch | All Cluster Case Manager Hosts | 9200 | ✓ | |
Elasticsearch | All Cluster Case Manager Hosts | 9300 | ✓ | |
Datadog and Threat Intelligence Service | Master and Failover Hosts | 443 | ✓ | |
Ensure ports for third-party products allow traffic from Exabeam Hosts.
Service | Port | TCP | UDP |
---|---|---|---|
LDAP (Non-secure Connection) | 389 | ✓ | |
LDAP (Secure Connection) | 636 | ✓ | |
QRadar | 443 | ✓ | |
ArcSight ESM | 3306 | ✓ | |
Ganglia | 8081 | ✓ | |
Splunk | 8089 | ✓ | |
ArcSight Logger | 9000 | ✓ | |
RSA | 50105 | ✓ | |
eStreamer | 8000 | ✓ | |