Environment
- Cb Defense SIEM Connector
Question
What firewall ports are required to be open for the SIEM Connector traffic?
Answer
The port that needs to be opened is self-configured in the cb-defense-syslog.conf file. On the tcp_out or udp_out line, the syslog server is configured here, with the port of your choosing. This is the port that will need to be opened on the firewall.
Additional Notes
- Typically, we see Port 514 used for TCP or UDP, and Port 6514 for TLS+TCP.
- Any port can be configured and used.
Related Content