Ports required for Log360 UEBA
Web Server Port
| Port | Inbound | Outbound | Usage |
|---|---|---|---|
| HTTP/8096 (configurable) | UEBA Server | | By default, this port is used for communication between the admin server and browser. The port can be customized by the user. The acceptable range for the value is between 1024–65535. |
Elasticsearch
| Port | Inbound | Outbound | Usage |
|---|---|---|---|
| TCP/9230 (configurable) | UEBA Search Engine Management Node [UEBA Node] | | This port is used by the Elasticsearch server in UEBA. The port can be customized by the user. The acceptable range for the value is between 9230-9290. |
Database
| Port | Usage |
|---|---|
| TCP/33337 | This port is used to connect to the PostgreSQL database in UEBA. The firewall port need not be opened, since this internal port is bound to localhost. |
Redis Cache
| Port | Usage |
|---|---|
| TCP/8179 | This port is used to connect to the Redis database in UEBA. The acceptable range for the value is between 8179-8189. |
SSL Configured Server
| Port | Usage |
|---|---|
| SSL/8446 | The SSL port is used to enhance the security of communication between the server and the client through HTTPS. The port can be customized by the user. The acceptable range for the value is between 1024–65535. |
ActiveMQ
| Port | Usage |
|---|---|
| TCP/61616 | This port is used to fetch real-time events from integrated products. The acceptable range for the value is between 61616-61626. |
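The port tables above can be checked against a running host. The following is an added example, not ManageEngine's code: it audits `netstat -an` style output against the ranges listed on this page and flags the PostgreSQL port if it is bound to anything other than localhost. The component keys, function names, sample output and configured values are constructed for illustration.

```python
import ipaddress
import re

# Acceptable ranges from the tables on this page (PostgreSQL lists a single port).
RANGES = {
    "http": (1024, 65535), "ssl": (1024, 65535), "elasticsearch": (9230, 9290),
    "redis": (8179, 8189), "activemq": (61616, 61626), "postgresql": (33337, 33337),
}
LOOPBACK_ONLY = {"postgresql"}  # the page states this port is bound to localhost
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING", re.I)

# Constructed sample of `netstat -an` output; not captured from a real server.
SAMPLE = """
  TCP    0.0.0.0:8096           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8446           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8179         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:33337          0.0.0.0:0              LISTENING
  TCP    [::1]:33337            [::]:0                 LISTENING
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED
"""
# Constructed configuration: Elasticsearch is deliberately set outside its range.
CONFIGURED = {"http": 8096, "ssl": 8446, "elasticsearch": 9300,
              "redis": 8179, "activemq": 61616, "postgresql": 33337}

def parse_listeners(netstat_text):
    """Return {port: set of bind addresses} for listening TCP sockets."""
    listeners = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:  # IPv6 addresses appear as [addr]:port, so strip the brackets
            listeners.setdefault(int(m.group(2)), set()).add(m.group(1).strip("[]"))
    return listeners

def audit(configured, netstat_text):
    """configured: {component: port}. Returns a list of finding strings."""
    listeners = parse_listeners(netstat_text)
    findings = []
    for name, port in configured.items():
        low, high = RANGES[name]
        if not low <= port <= high:
            findings.append(f"{name}: port {port} outside acceptable range {low}-{high}")
        binds = listeners.get(port, set())
        if not binds:
            findings.append(f"{name}: nothing listening on {port}")
        exposed = sorted(a for a in binds if not ipaddress.ip_address(a).is_loopback)
        if name in LOOPBACK_ONLY and exposed:
            findings.append(f"{name}: port {port} bound to non-loopback {', '.join(exposed)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGURED, SAMPLE)))
```
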
Using Log360 with Antivirus Applications
To ensure unhindered functioning of Log360 UEBA, add the following paths to the exception list of your antivirus application:

| Path | Need for whitelisting | Impact if not whitelisted |
|---|---|---|
| <Log360_UEBA_Home>/bin | All binaries are included here. Some antivirus applications might block them as false positives. | Product might not function. |
| <Log360_UEBA_Home>/ES/data | Elasticsearch indexed data is stored here. | Reports and dashboards will be affected if the data is deleted. |
| <Log360UEBA_HOME>/ES/archive | Elasticsearch archives are stored here. | Archived anomaly data will not be available if the files located here are deleted. |
| <Log360UEBA_HOME>/dbdata | Temporary location to store Risk Score and Domain data. | Risk Score and Domain data will be lost if the folder is removed by the antivirus application. |
| <Log360_UEBA_Home>/pgsql/bin | PostgreSQL binaries are included here. They might be detected as false positives by antivirus applications. | Product might not start. |
| <Log360UEBA_HOME>/repo | Elasticsearch index snapshots are taken at this location. | Snapshots and the Elasticsearch archival feature will fail if the files at this location are deleted. |
| <Log360UEBA_HOME>/store | Model files are stored here. Some antivirus applications might block them as false positives. | Anomaly detection will fail if the files are removed by the antivirus application. |
| <Log360_UEBA_Home>/lib/native | All binaries are included here. Some antivirus applications might block them as false positives. | Product might not function. |
| <Log360_UEBA_Home>/tools | All tool binaries are included here. Some antivirus applications might block them as false positives. | Some tools might not work if the files are removed by antivirus applications. |