Network Communication
How Do Assets Communicate with the Console?
All routine communication between assets and the XDR Forensics console is initiated by the assets; assets do not accept incoming requests from external sources, and the console never opens a connection to an asset. Communication occurs through the following protocols and channels:
Primary Communication Channels
- HTTPS (TCP 443) – The main communication channel from assets to the console (e.g., <tenantname>.cisco-<region>.binalyze.io).
- WebSocket over HTTPS (TCP 443) – Used for interACT features.
- NATS (TCP 4222) (Optional) – Supports real-time task pushes to assets. If this port is not reachable, XDR Forensics falls back to HTTP(S) polling over TCP 443 for task retrieval; tasks still arrive, only with polling latency.
- DNS (UDP/TCP 53) – Required for name resolution services.
External Communication
- HTTPS to <tenantname>.cisco-<region>.binalyze.io – Used to download responder updates and installation packages. If the CDN is unavailable, the XDR Forensics console itself acts as a fallback source for these files.
Evidence Repository Communication (When Configured)
- Cloud storage: HTTPS communication to services such as Amazon S3 and Azure.
- Traditional Storage: Supported via SFTP, FTPS, or SMB.
Proxy Support
If a proxy is configured in your environment, assets can communicate through it using:
- HTTP
- HTTPS
- SOCKS5
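The channel list above and the proxy section translate directly into an egress check an operator can run from an asset before rolling out the responder. The script below is an added example, not part of the product or its documentation: it builds the console hostname from a tenant name and region (both placeholders you supply), probes TCP 443 as required and TCP 4222 as optional, and reduces the results to one verdict that reflects the documented behaviour, with a NATS failure reported as degraded (HTTPS polling) rather than as a failure. DNS resolution is exercised implicitly by the connect call. For the proxy case it shows only the HTTP `CONNECT` path, taken from an assumed `HTTPS_PROXY` environment variable; SOCKS5 is not implemented here.

```python
"""Egress self-check for an asset that must reach an XDR Forensics console.

Added example, not product code. Encodes the channels from this page
(HTTPS/WebSocket on TCP 443, optional NATS on TCP 4222, DNS via the connect
call) plus an HTTP-proxy CONNECT probe. Tenant, region and proxy are placeholders.
"""
import os
import re
import socket
import sys
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

CONSOLE_SUFFIX = "binalyze.io"  # page pattern: <tenantname>.cisco-<region>.binalyze.io
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")  # one lower-case DNS label


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int
    purpose: str
    required: bool


def console_hostname(tenant: str, region: str) -> str:
    """Build the console FQDN; reject input that is not a single clean DNS label."""
    for label in (tenant, region):
        if not LABEL.match(label):
            raise ValueError(f"not a valid DNS label: {label!r}")
    return f"{tenant}.cisco-{region}.{CONSOLE_SUFFIX}"


def required_endpoints(tenant: str, region: str) -> List[Endpoint]:
    host = console_hostname(tenant, region)
    return [
        Endpoint(host, 443, "HTTPS / WebSocket: console check-in, interACT, updates", True),
        Endpoint(host, 4222, "NATS task push (optional; HTTPS polling fallback)", False),
    ]


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Direct TCP connect from the asset; name resolution happens inside this call."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def proxy_connect_reachable(proxy: Tuple[str, int], host: str, port: int, timeout: float = 3.0) -> bool:
    """Same reachability test via an HTTP proxy: it must accept CONNECT host:port."""
    request = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode()
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(request)
            status = s.recv(1024).split(b"\r\n", 1)[0].split()
    except OSError:
        return False
    return len(status) >= 2 and status[0].startswith(b"HTTP/1.") and status[1] == b"200"


def evaluate(endpoints: List[Endpoint], probe: Callable[[str, int], bool]) -> Dict[str, object]:
    """Probe each endpoint and reduce to one verdict.

    ok        every endpoint reachable
    degraded  only optional endpoints failed: tasks arrive through HTTPS polling
    failed    a required endpoint (TCP 443) is unreachable: the asset cannot check in
    """
    results = {f"{e.host}:{e.port}": probe(e.host, e.port) for e in endpoints}
    failed = [e for e in endpoints if not results[f"{e.host}:{e.port}"]]
    if any(e.required for e in failed):
        verdict = "failed"
    elif failed:
        verdict = "degraded"
    else:
        verdict = "ok"
    notes = [f"{e.host}:{e.port} unreachable ({e.purpose})" for e in failed]
    return {"verdict": verdict, "results": results, "notes": notes}


if __name__ == "__main__":
    tenant, region = sys.argv[1], sys.argv[2]  # placeholders, e.g. acme eu
    proxy_url = os.environ.get("HTTPS_PROXY")  # assumption: http://proxyhost:3128
    if proxy_url:
        u = urlsplit(proxy_url)
        probe = lambda h, p: proxy_connect_reachable((u.hostname, u.port or 3128), h, p)
    else:
        probe = tcp_reachable
    report = evaluate(required_endpoints(tenant, region), probe)
    for key, ok in report["results"].items():
        print(("PASS " if ok else "FAIL ") + key)
    print("verdict:", report["verdict"])
    for note in report["notes"]:
        print(" -", note)
    sys.exit(1 if report["verdict"] == "failed" else 0)
```

Run it as `python3 egress_check.py <tenantname> <region>` on the asset itself, since the point is to test the asset's own egress path, not the operator's workstation. A `degraded` verdict means the deployment will work but every task waits for the next poll; `failed` means the responder will never enrol, and the firewall or proxy rule for TCP 443 to the console hostname is what to fix first.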