Cb Defense: What firewall ports need to be open for the SIEM Connector?
search cancel

Cb Defense: What firewall ports need to be open for the SIEM Connector?

book

Article ID: 287845

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

What firewall ports are required to be open for the SIEM Connector traffic?

Environment

  • Cb Defense SIEM Connector

Resolution

The port that needs to be opened is self-configured in the cb-defense-syslog.conf file. On the tcp_out or udp_out line, the syslog server is configured here, with the port of your choosing. This is the port that will need to be opened on the firewall.

Additional Information

  • Typically, we see Port 514 used for TCP or¬†UDP, and Port 6514 for TLS+TCP.
  • Any port can be configured and used.