QRadar/ Kafka configuration with ICDM - socket connection setup timeout
book
Article ID: 380315
calendar_today
Updated On:
Products
Endpoint Security Complete
Issue/Introduction
You are setting up Qradar in ICDM with External Kafka, however the connection times out.
Cause
The broker IPs have not been whitelisted in the firewall.
Resolution
Here are the host names of the brokers that need to be whitelisted.
- ses-kafka-0.prod-1.us-east1.jetstream-ccdf.csp01.saas.broadcom.com (34.73.9.204)
- ses-kafka-1.prod-1.us-east1.jetstream-ccdf.csp01.saas.broadcom.com (35.196.81.114)
- ses-kafka-2.prod-1.us-east1.jetstream-ccdf.csp01.saas.broadcom.com (34.74.174.82)
- ses-kafka-3.prod-1.us-east1.jetstream-ccdf.csp01.saas.broadcom.com (34.73.121.185)
- ses-kafka-4.prod-1.us-east1.jetstream-ccdf.csp01.saas.broadcom.com (35.231.192.6)
- ses-kafka-5.prod-1.us-east1.jetstream-ccdf.csp01.saas.broadcom.com (35.243.174.206)
Feedback
thumb_up
Yes
thumb_down
No