This topic provides port and protocol information for Carbon Black EDR server communications.

Note:

Underlying IP addresses of identified servers can change. Avoid listing any specific IP addresses; instead, configure your firewalls to use DNS names.

Communication

Port

Protocol

Comment

Management Station to Carbon Black EDR Server

TCP 22

SSH

A management station is a machine from which system administrators can SSH into the Carbon Black EDRserver and address any required administrative tasks or troubleshooting.

Management Station to Carbon Black EDR Server

TCP 443

HTTPS (configurable)

Sensor to Carbon Black EDR Server

TCP 443

HTTPS (configurable)

NA

Primary Carbon Black EDR Server to Minion Carbon Black EDR Server

TCP 22

SSH

MinionApiPort in the cb.conf file allows configuration of the HTTPS port configuration.

TCP 443

HTTPS (configurable)

TCP 4369

RabbitMQ

TCP 5701

datagrid

TCP 6379

REDIS

TCP 6500

sensorservices

TCP 6501

sensorservices

TCP 8080

SOLR

TCP 9000

CB data store

TCP 25004

RabbitMQ

Minion Carbon Black EDR Server to Primary Carbon Black EDR Server

TCP 4369

RabbitMQ

NA

TCP 5002

POSTGRES

TCP 5600

liveresponse

TCP 5701

datagrid

TCP 6379

REDIS

TCP 6500

sensorservices

TCP 6501

sensorservices

TCP 8080

SOLR

TCP 25004

RabbitMQ

Minion Carbon Black EDR Server to Minion Carbon Black EDR Server

TCP 4369

RabbitMQ

NA

TCP 5701

datagrid

TCP 6500

sensorservices

TCP 6501

sensorservices

TCP 8080

SOLR

TCP 25004

RabbitMQ

Carbon Black EDR Server to a Carbon Black Alliance Server

TCP 443

HTTPS

For URLs that can accept Carbon Black Alliance Server communications, see one of the following:

  • api.alliance.carbonblack.com

    Points to the Carbon Black Alliance Server and has a single IP behind it that can change for various reasons over time.

  • api2.alliance.carbonblack.com

    Points to the Carbon Black Alliance Server. The single IP behind it can be different or the same as api.alliance.carbonblack.com. It can change for various reasons over time.

Note that the IPs behind these servers are subject to change.

Carbon Black EDR Server to Carbon Black Threat Intel

TCP 443

HTTPS

For a URL that accepts Carbon Black Threat Intel communications, see threatintel.bit9.com. This URL has multiple elastic IPs behind it, and it points to the "next-gen" Carbon Black Threat Intel infrastructure. The IPs behind this URL are subject to change.

Carbon Black EDR Server to YUM Repositories

TCP 443

HTTPS

For an API on this type of communication, see yum.distro.carbonblack.io.

TCP 80

HTTP

For an API on this type of communication, see mirror.centos.org or any other kind of enabled repository.

Note that Carbon Black EDR uses the default CentOS configuration when installing base CentOS packages.

Any communication supporting the installation or update of YUM repositories utilizes mirror.centos.org first, but that host is used only to identify the current mirror server list. After that, any of the available mirror servers might be chosen to download the actual packages.

If this default CentOS behavior is a problem, ask your system administrator to change the CentOS configuration.