Allowlist Requirements
This document consolidates essential information regarding system requirements, necessary ports, endpoints, IP addresses, and URLs, ensuring a seamless integration and optimal performance within your network environment.
Before connecting the Firewall Log Analyzer app, verify that your server meets the minimum system requirements and the required ports are open.
*Recommendations for connecting (1) Firewall to (1) Syslog Server

| Software / Hardware | Minimum Requirement |
|---|---|
| Operating System | Windows 10; Windows 2012, 2016, 2019 |
| CPU | 1.4 GHz |
| Memory | 4 GB |
| Protocol | Inbound UDP (From Firewall to Syslog Host) |
| Port | 514 (Default configuration) |
| HDD / Local Log Storage | Local log storage is disabled by default. If you enable it, the maximum log size is configurable, with a default of 10 GB. |
NOTE Syslog servers are only supported on the Windows RocketCyber agent, not on Linux or Mac.
Allowing inbound UDP traffic
Firewall Log Analyzer is architected to eliminate the need to ship hardware or deploy complex software. To facilitate the collection of firewall telemetry, UDP 514 is the recommended protocol/port. Windows Firewall commonly blocks this traffic, so the Firewall Analyzer app has been designed to automatically add an inbound rule that allows traffic in on the configured port and protocol. If you are using another host-based firewall, consult its documentation on how to allow this traffic. If you're just curious about manually configuring the rule, read on.
Configuration
To allow inbound UDP 514 on the Windows host acting as the syslog server, follow the steps below:
Windows 10
- Go to Control Panel --> System and Security --> Windows Defender Firewall
- Select Allow an App through Windows Firewall
- Select Advanced Settings --> Inbound Rules
- Create a New Rule
- Port (click next) --> UDP
- Specify port 514 (click next)
- Allow Connection (click next)
- Rule Applies should have { Domain, Public, Private } all checked (click next)
- Name this rule "RocketCyber Syslog"
- Click Finish
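The same rule can be created and checked from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the vendor's documentation; the `-FirewallSource` parameter is an assumption introduced here so the rule can be narrowed to the sending firewall's address, and it defaults to `Any` to match the manual steps.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual "RocketCyber Syslog" inbound rule.
param(
    [int]$Port = 514,                          # default syslog port from the table above
    [string]$RuleName = 'RocketCyber Syslog',  # rule name from the manual steps
    # Assumption (not in the page): source address(es) allowed to send syslog.
    # 'Any' matches the manual steps; pass the firewall's IP to narrow the rule.
    [string[]]$FirewallSource = @('Any')
)

# Create the rule only if it does not exist, so repeated runs do not add duplicates.
$rules = @(Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)
if ($rules.Count -eq 0) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol UDP -LocalPort $Port -Action Allow `
        -Profile Domain, Private, Public -RemoteAddress $FirewallSource | Out-Null
} elseif ($PSBoundParameters.ContainsKey('FirewallSource')) {
    # Rule already present: change its source scope only when one was explicitly given.
    $rules | Set-NetFirewallRule -RemoteAddress $FirewallSource
}

# Report what is actually configured, including the port and source filters.
foreach ($rule in Get-NetFirewallRule -DisplayName $RuleName) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Action        = $rule.Action
        Profile       = $rule.Profile
        Protocol      = $portFilter.Protocol
        LocalPort     = $portFilter.LocalPort
        RemoteAddress = $addrFilter.RemoteAddress
    }
}

# An allow rule only matters if something is listening: show the owning process, if any.
$listeners = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | Select-Object LocalAddress, LocalPort, @{
        Name       = 'Process'
        Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName }
    }
} else {
    Write-Warning "No process is bound to UDP $Port; check that the syslog collector is running."
}
```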
The agent communicates with the Kaseya MDR Cloud via the following destinations.
If the network environment limits access to the internet, allow the following destinations and ports through firewalls or proxies for proper agent functionality.
For US Instance
| Description | PORT | Hostname |
|---|---|---|
| Main agent endpoint | 443/SSL | app.rocketcyber.com |
| S3 - Agent Binary Downloads | 443/SSL | s3.amazonaws.com |
| Agent WebSocket | 443/SSL | ws.app.rocketcyber.com |
| Threat Lookup Service | 443/SSL | tls-us.rocketcyber.com |
| Device Heartbeat Service | 443/SSL | dhs.us.rocketcyber.com |
| Agent App Results | 443/SSL | agent.us.rocketcyber.com |
| Agent Installation | 443/SSL | *.digicert.com |
| IoC App, Ransomware Detection | 443/SSL | content.rocketcyber.com |
For EU Instance
| Description | PORT | Hostname |
|---|---|---|
| Main agent endpoint | 443/SSL | eu.rocketcyber.com |
| S3 - Agent Binary Downloads | 443/SSL | s3.amazonaws.com, s3.eu-west-1.amazonaws.com |
| Agent WebSocket | 443/SSL | ws.eu.rocketcyber.com |
| Threat Lookup Service | 443/SSL | tls-eu.rocketcyber.com |
| Device Heartbeat Service | 443/SSL | dhs.eu.rocketcyber.com |
| Agent App Results | 443/SSL | agent.eu.rocketcyber.com |
| Agent Installation | 443/SSL | *.digicert.com |
| IoC App, Ransomware Detection | 443/SSL | content.rocketcyber.com |
NOTE Kaseya MDR does not currently maintain static IPs for allowlisting. All allowlisting must be performed by hostname and port.