HP ArcSight Port and Protocol Information


Important Notice

The information (data) contained on all sheets of this document constitutes confidential information of Hewlett-Packard Company or its affiliates (collectively hereinafter "HP") and is provided for evaluation purposes only. In consideration of receipt of this document, the recipient agrees to maintain such information in confidence and to not reproduce or otherwise disclose this information to any person outside the group directly responsible for evaluation of its contents, unless otherwise authorized by HP in writing. There is no obligation to maintain the confidentiality of any such information which was known to recipient without restriction prior to receipt of this document as evidenced by written business records; which becomes publicly known through no fault of recipient; or which is rightfully received by recipient from a third party without restriction.

This document includes information about current HP products, sales, and service programs that may be enhanced or discontinued at HP's sole discretion. HP has endeavored to include in this document the materials that are believed to be reliable and relevant for the purpose of recipient's evaluation. Neither HP nor its representatives make any warranties as to the accuracy or completeness of the information. Accordingly, this document is provided for information purposes only in the hope that HP may be considered to receive your business. Neither HP nor its representatives shall have any liability to recipient or any of its representatives as a result of the use of the information provided. Only a mutually agreed-upon written definitive agreement, signed by the authorized representatives of the parties, shall be binding on HP or its affiliates.

The term "solution" in the context of this proposal is defined as the products and services proposed herein. Since additional information may be required from you in order to develop the appropriate configuration for your project, the term "solution" does not imply that those products or services as proposed are guaranteed to, or will, meet your requirements. The use of the terms "partner" or "partnership" in this proposal does not imply a formal, legal, or contractual partnership, but rather a mutually beneficial relationship arising from the teamwork between the parties. If there are any concerns, questions, or issues regarding this notice, please contact your sales representative.

Copyright 2012 Hewlett-Packard Development Company, L.P.

HP ArcSight Ports and Protocols

This document describes the most commonly used ports and protocols used by HP ArcSight ESM, Express, Logger,, and software.

HP ArcSight ESM & Express (v5.x/v3.x)

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Analyst Workstation | | | Console to |
| Administrator Workstation | ArcSight Express/ESM Appliance | TCP 22 | SSH access for troubleshooting and diagnostics. |
| Workstation | DNS Server(s) | UDP/TCP 53 | Console to DNS server communication (nslookup tool). Host resolution of during Console login. |
| Workstation | Whois Server(s) | UDP/TCP 43 | Console to Whois server communication (whois tool). |
| Workstation | Selected Destination/Target in Console | ICMP | Console to target communication (ping tool). |
| Workstation | HP ArcSight Web | TCP 9443 | Web browser to HP ArcSight Web |
| HP ArcSight Web | | | |
| | NTP Server(s) | UDP 123 | to NTP server (for time synchronization). |
| | DNS Server(s) | UDP/TCP 53 | to DNS server communication (nslookup tool). |
| | SMTP Server(s) | TCP 25 | to SMTP server (for notifications). |
| | POP3 Server(s) | TCP 110 | to POP3 server (for notifications). |
| | IMAP Server(s) | TCP 143 | to IMAP server (for notifications). |
| | LDAP Server(s) | TCP 389 or 636 | to LDAP server (if applicable). TCP 389 w/o SSL; TCP 636 w/ SSL. |
| | RADIUS Server(s) | UDP 1645 or 1812 | to RADIUS server (if applicable). |
| | HP ArcSight Database | TCP 1521 (1) | HP ArcSight Web to to HP ArcSight Database |

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Connectors, Logger Connectors, and | | | Connector to secure and encrypted event channel. |
| | Logger | TCP 443 | Allows you to receive events from a source installation and send them to a secondary destination (Forwarding Connector). |
| | | | Allows you to receive events from a source installation and send |
| | Syslog Server(s) | UDP/TCP 514 | Allows you to receive events from a source installation and send |
| | McAfee ePolicy Orchestrator | TCP 1433 | Allows you to receive events from a source installation and send |
| Web Service Client | ESM | TCP 9090 | The ESM Service Layer is available and exposes functionalities as Web Services. By consuming the exposed Web Services, you can integrate ESM functionality in your own applications. |

(1) If your database is set up on Microsoft Windows and you have blocked inbound ports as described above, your connections to the database might fail. This behavior is observed because the Oracle database, running on Windows, redirects connection requests coming from its clients on TCP 1521 to different, non-standard ports. When the client tries to establish a connection on the redirected port, it is blocked by the firewall. For more information, see the Oracle MetaLink bulletin Solving Firewall Problems on Windows (Doc ID: Note: 68652.1) at https://metalink.oracle.com/. To allow successful connections in such a setup, you need to open all inbound TCP ports between your ESM and your database IP addresses or use SQL*Net proxy for your firewall.

HP ArcSight Logger (v5.x)

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Analyst Workstation | Logger | TCP 443 | Web browser to Logger |
| Administrator Workstation | Logger | TCP 22 | SSH access for troubleshooting and diagnostics. |
| Logger | NTP Server(s) | UDP 123 | Logger to NTP server (for time synchronization). |
| Logger | DNS Server(s) | UDP/TCP 53 | Logger to DNS server |
| Logger | SMTP Server(s) | TCP 25 | Logger to SMTP server (for notifications). |
| Logger | Syslog Server(s) | UDP/TCP 514 | Logger to syslog server (for notifications). |
| Logger | SNMP Server(s) | UDP 162 | Logger to SNMP server (for notifications). |
| Logger | RADIUS Server(s) | UDP 1645 or 1812 | Logger to RADIUS server (when Logger is configured to use RADIUS password authentication). |
| Logger | NFS Server(s) | TCP 111 UDP 111 TCP 2049 UDP 2049 TCP 2219 UDP 2219 | Allows Logger to connect to servers via NFS for event archiving and search export. |
| Logger | CIFS Server(s) | TCP 445 | Allows Logger to connect to servers via CIFS for event archiving and search export. |
| Logger | NFS Server(s) | TCP 111 UDP 111 TCP 2049 UDP 2049 TCP 2219 UDP 2219 | Allows Logger File Receivers to read log files from NFS servers. Allows Logger Connectors (L3400 & L3400-PCI) to read logs from NFS servers. |
| Logger | CIFS Server(s) | TCP 445 | Allows Logger File Receivers to read log files from CIFS servers. Allows Logger Connectors (L3400 & L3400-PCI) to read logs from CIFS servers. |
| Logger | SCP, SFTP, FTP Server(s) | TCP 22 (SCP, SFTP) TCP 20 & 21 (FTP) | Allows Logger File Transfer Receiver to read remote log files using SCP, SFTP or FTP protocols. |
| Syslog Event Sources | Logger | UDP/TCP 514 | Used by Logger syslog Receivers. |

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Connectors, Logger Connectors, and | Logger | TCP 443 | Connector to Logger secure and encrypted event channel (SmartMessage Receiver). |
| Logger | and/or Syslog Server(s) ( ), | UDP/TCP 514 | Used to forward audit events from Logger to the. |
| Logger | | | Used to send all events, or events which match a particular filter, on to a particular host. |
| Logger | SCP Server | TCP 22 (SCP) | Allows backup of Logger configuration to remote host. |

HP ArcSight (v6.x)

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Analyst Workstation | | TCP 443 | Web browser to Connector Appliance |
| Administrator Workstation | | TCP 22 | SSH access for troubleshooting and diagnostics. |
| | NTP Server(s) | UDP 123 | to NTP server (for time synchronization). |
| | DNS Server(s) | UDP/TCP 53 | to DNS server |
| | SMTP Server(s) | TCP 25 | to SMTP server (for notifications). |
| | RADIUS Server(s) | UDP 1645 or 1812 | to RADIUS server (when Connector Appliance is configured to use RADIUS password authentication). |
| Connectors or | | | Connector to secure and encrypted event channel. |
| Connectors or | Logger | TCP 443 | Connector to Logger SmartMessage secure and encrypted event channel. |
| | NFS Server(s) | TCP 111 UDP 111 TCP 2049 UDP 2049 TCP 2219 UDP 2219 | Allows Connectors to read logs from NFS servers. |
| | CIFS Server(s) | TCP 445 | Allows Connectors to read logs from CIFS servers. |
| | Connectors and | TCP 9001 (C1300 & SmartConnector) TCP 9001-9004 (C3400) TCP 9001-9008 (C5400) | Allows to manage remote (appliance and/or software). |
| | Syslog Server(s) | UDP/TCP 514 | Used to forward audit events from to syslog server(s). |
| | SCP Server | TCP 22 (SCP) | Allows backup of Connector Appliance configuration to remote host. |
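The Destination Port cells in these tables use a compact notation (`UDP/TCP 514`, `UDP 1645 or 1812`, `TCP 20 & 21 (FTP)`, `TCP 9001-9008 (C5400)`). As an added example, not part of the HP document, the following Python parses that notation and reports outbound flows from a Logger that the Logger (v5.x) rows do not cover. The role labels, function names and flow records are constructed for illustration.

```python
import re

# Outbound rows of the Logger (v5.x) table: destination role -> Destination Port cell.
LOGGER_OUTBOUND = {
    "ntp": "UDP 123",
    "dns": "UDP/TCP 53",
    "smtp": "TCP 25",
    "syslog": "UDP/TCP 514",
    "snmp": "UDP 162",
    "radius": "UDP 1645 or 1812",
    "nfs": "TCP 111 UDP 111 TCP 2049 UDP 2049 TCP 2219 UDP 2219",
    "cifs": "TCP 445",
    "file-transfer": "TCP 22 (SCP, SFTP) TCP 20 & 21 (FTP)",
}

_TOKEN = re.compile(r"\(.*?\)|UDP/TCP|TCP|UDP|\d+(?:\s*-\s*\d+)?")

def parse_ports(cell):
    """Parse a Destination Port cell into a set of (proto, low, high) tuples."""
    specs, protos = set(), ()
    for tok in _TOKEN.findall(cell):
        if tok.startswith("("):
            continue  # remarks such as "(FTP)" or "(C5400)" carry no ports
        if tok[0].isalpha():
            protos = tuple(p.lower() for p in tok.split("/"))
            continue
        if not protos:
            raise ValueError(f"port listed before any protocol in {cell!r}")
        low, _, high = (part.strip() for part in tok.partition("-"))
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range {tok!r} in {cell!r}")
        specs.update((p, low, high) for p in protos)
    return specs

def undocumented(flows, rows):
    """Return the (role, proto, port) flows that no table row covers."""
    allow = {role: parse_ports(cell) for role, cell in rows.items()}
    return [
        (role, proto, port)
        for role, proto, port in flows
        if not any(p == proto.lower() and lo <= port <= hi
                   for p, lo, hi in allow.get(role, ()))
    ]

# Constructed sample: outbound flows from a Logger, tagged with the destination's role.
SAMPLE_FLOWS = [
    ("dns", "udp", 53),
    ("radius", "udp", 1812),
    ("file-transfer", "tcp", 21),
    ("smtp", "tcp", 587),      # not the TCP 25 the table lists
    ("ntp", "tcp", 123),       # table lists UDP only
    ("unknown", "tcp", 4444),  # destination role with no row at all
]

if __name__ == "__main__":
    for flow in undocumented(SAMPLE_FLOWS, LOGGER_OUTBOUND):
        print("not covered by the port table:", flow)
```

Cells without a port number, such as `ICMP` or `Multiple ports`, parse to an empty set and need separate handling.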

HP ArcSight Connectors

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Connector | DNS Server(s) | UDP/TCP 53 | Connector to DNS server |
| Connectors or | | | Connector to secure and encrypted event channel. |
| Connectors or | Logger | TCP 443 | Connector to Logger SmartMessage secure and encrypted event channel. |
| | | TCP 9001 | Allows to manage remote Connectors (appliance and/or software). |
| Forwarding Connector | | | Allows you to receive events from a source installation and send |
| Forwarding Connector | Logger | TCP 443 | Allows you to receive events from a source installation and send |
| Forwarding Connector | Syslog Server(s) | UDP/TCP 514 | Allows you to receive events from a source installation and send |
| Forwarding Connector | McAfee ePolicy Orchestrator | TCP 1433 | Allows you to receive events from a source installation and send |
| SmartConnector for Microsoft Active Directory Actor Model | Microsoft Active Directory | TCP 389 or 636 | Extracts the user identity information from an Identity Management (IdM) database and populates the Actor resources in with this data. |
| Syslog Event Sources | Connector | UDP/TCP 514 | All products that send events via syslog. |
| SNMP Event Sources | Connector | UDP 162 | All products that send events via SNMP. |
| Windows Unified (WUC) | Windows Servers and Workstations | TCP 445 | Collection is done with a least-privileged non-administrative account. |

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Windows Domain (Legacy) | Windows Servers | TCP 135, 139, 445 UDP 137,138 | The Windows Domain Connector will use RPC and Remote Registry to connect to the server and poll the Windows Event Log. This Connector requires domain privileges and domain membership. |
| Check Point | Check Point Provider-1 (configure for each CMA) | TCP 18184 | The Check Point Connector will connect to Provider-1 using Log Export API (LEA) using SSLCA and OPSEC will need to be configured per CMA. |
| Check Point | Check Point Provider-1 or Smart Center | TCP 18210 | Allows Connector to pull OPSEC SSL certificate. |
| Oracle | Oracle Server | TCP 1521 | The Connector establishes connectivity to the database. |
| Microsoft SQL Server | Microsoft SQL Server | TCP 1433 TCP 139, 445 UDP 135, 139, 445 | The Connector establishes connectivity to the database and reads audit trace logs simultaneously. Trace files are not a requirement with some products reporting to Microsoft SQL Server. |
| MySQL | MySQL Server | TCP 3306 | The Connector establishes connectivity to the database. |
| Blue Coat | Server hosting Blue Coat Connector and FTP server | TCP 20 TCP 21 | Allows Blue Coat to send logs to server hosting Blue Coat Connector over FTP and FTP-Data. |
| Sourcefire | Sourcefire Defense Center Server | TCP 8302 | SSL connection for the Defense Center estreamer protocol. |

The third-party Connector types listed above are some of the most common Connectors deployed. For any third-party Connector not listed, please refer to the SmartConnector Configuration Guide for information on the ports and protocols used.

HP ArcSight Network Synergy Platform (v5.x)

| Source Device | Destination Device | Destination Port | Notes |
|---|---|---|---|
| Workstation | NSP | TCP 442 | Web browser to NSP |
| NSP | Managed devices | TCP 20 & 21 (FTP) | Configuration file transfer. |
| NSP | Managed devices | TCP 22 (SSH, SCP, SFTP) | Securely copy or transfer files. |
| NSP | Managed devices | TCP 23 (telnet) | Managed device access through the appliance only as needed. |
| NSP | Managed devices | UDP 69 (TFTP) | Configuration file transfer. |
| NSP | Managed devices | ICMP | Device discovery. |
| NSP | Managed devices | Multiple ports | Device discovery, if OS fingerprinting is selected. |
| Managed devices | NSP | TCP 20 & 21 (FTP) | Configuration file transfer. |
| Managed devices | NSP | TCP 22 (SSH, SCP) | Securely copy or transfer files (SSH proxy; SCP on demand only). |
| Managed devices | NSP | UDP 69 (TFTP) | Configuration file transfer (TFTP on demand only). |
| NSP | SMTP Server(s) | TCP 25 (SMTP) | E-mail notifications (if enabled on your appliance). |
| NSP | SNMP Server(s) | UDP 161 & 162 (SNMP) | SNMP notifications (if your appliance is configured to send them). |
| NSP | Syslog Server(s) | UDP 514 (syslog) | Syslog messages (if your appliance is configured to send them). |
| NSP | WINS Server(s) | UDP/TCP 1512 | NSP to WINS server communication to resolve Windows NETBIOS names. |
| NSP | NTP Server(s) | UDP 123 | NSP to NTP server (for time synchronization). |
| NSP | DNS Server(s) | UDP/TCP 53 | NSP to DNS server |
| NSP | NSP Syslog Connector (running on or as a software SmartConnector) | UDP 514 (syslog) | TRM Connector configured to integrate NSP with and take TRM actions on managed devices through the NSP appliance. The NSP appliance forwards the notification messages it generates to an HP ArcSight Common Event Format (CEF) Syslog Connector that sends the events on to the. |

The information that resides on your NSP appliance is well protected. Any port, except 443, is opened only for the length of time it takes to perform the action related to that port. After the action has been performed, the port is closed. The appliance opens no unnecessary ports and introduces no third-party software vulnerabilities that might compromise the security of the information.