Article Number
000001263
Applies To
RSA Product Set: ECAT, NetWitness Endpoint
RSA Version/Condition: 4.x
Issue
The attached document describes the ports used from the RSA ECAT Server to hosts:
- ECAT Server to ECAT SQL Server
- ECAT Agent to ECAT Server
- ECAT UI to ECAT SQL Server
- ECAT UI to ECAT Server
- ECAT Server to SA
- ECAT Server to Log Decoder
- ECAT Server to Live
- ECAT Server to File Share
- ECAT SQL Server to File Share
- ECAT UI to File Share
- ECAT Server to Queued Data Folder
- ECAT SQL Server to Queued Data Folder
- ECAT Server to RAR ( Remote Access Relay)
- ECAT Agent to RAR ( Remote Access Relay)
Resolution
Traffic | Port(s) |
---|
ECAT Server to ECAT SQL Server | 1433 (TCP) |
ECAT Agent to ECAT Server | 443 (TCP) 444 (UDP) |
ECAT UI to ECAT SQL Server | 1433 (TCP) |
ECAT UI to ECAT Server | 9433 (TCP) 808 (TCP) |
ECAT Server to SA | 5671 (TCP) 443 (TCP) |
ECAT Server to Log Decoder(Or 3rd Party Syslog server) | 514 (UDP)* |
ECAT Server to Live | 443 (TCP) |
ECAT Server to File Share | 445, 137, 139 |
ECAT SQL Server to File Share | 445, 137, 139 |
ECAT UI to File Share | 445, 137, 139 |
ECAT Server to Queued Data Folder | 445, 137, 139 |
ECAT SQL Server to Queued Data Folder | 445, 137, 139 |
ECAT UI, custom client app, or browser to ECAT Server | 9433 |
ECAT Server to RAR ( Remote Access Relay) | 443(TCP) 444(UDP) 5671(RabbitMQ)** |
ECAT Agent to RAR ( Remote Access Relay) | 443 (TCP) 444 (UDP)* |
* For Syslog TCP connections, check the syslog server documentation for correct TCP port
** Applies to ECAT version 4.1.x only