Cb Defense: What firewall ports need to be open for the SIEM Connector?
book
Article ID: 287845
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
What firewall ports are required to be open for the SIEM Connector traffic?
Environment
Cb Defense SIEM Connector
Resolution
The port that needs to be opened is self-configured in the cb-defense-syslog.conf file. On the tcp_out or udp_out line, the syslog server is configured here, with the port of your choosing. This is the port that will need to be opened on the firewall.
Additional Information
Typically, we see Port 514 used for TCP or UDP, and Port 6514 for TLS+TCP.