Inquiry: Outbound Communication URLs from Wazuh

69 views
Skip to first unread message

chris

unread,
May 24, 2024, 7:31:07 AM5/24/24
to Wazuh | Mailing List

Dear Wazuh Community,

We've recently implemented Wazuh 4.7 on Ubuntu 22.04 for our security infrastructure and are aiming to tighten outbound communication while ensuring smooth operation.

As part of our configuration, we need to allow outbound communication specifically originating from Wazuh components. To achieve this, we're seeking assistance in identifying the URLs that Wazuh typically communicates with.

Below are the details of our setup:

  1. Wazuh Manager 4.7
  2. Filebeat
  3. OpenSearch (Wazuh indexer)
  4. Wazuh Dashboard

If anyone in the community has insights into the URLs or domains that Wazuh components typically communicate with for operational purposes, we would greatly appreciate your guidance. This information will be crucial in configuring our network to allow necessary communication while maintaining security.

Thank you in advance for your support and assistance.

Adedamola Okelola

unread,
May 24, 2024, 10:01:03 AM5/24/24
to chris, Wazuh | Mailing List

Hello Chris,


Wazuh uses the following ports for communication between its components and should be allowed:


1514/TCP or UDP: This port is used for communication between Wazuh agents and the Wazuh server.

 

55000/TCP: This port is used by the Wazuh dashboard to communicate with the Wazuh server's RESTful API.


1515/TCP: This port is used for agent enrollment. This is a TCP port that facilitates the automatic enrollment of Wazuh agents with the Wazuh server.


You could also allow the subdomain - packages.wazuh.com. This is the update URL for when you want to upgrade your Wazuh infrastructure.


Please see below link for information on other ports:


https://documentation.wazuh.com/current/getting-started/architecture.html#required-ports


Let me know if this helps.


--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/be4a1479-9f16-4997-9fa8-78d160c7aecdn%40googlegroups.com.

chris

unread,
May 28, 2024, 9:07:36 AM5/28/24
to Wazuh | Mailing List
Dear Okelola,

Thanks for your response.
Only the url mentioned above is necessary for the below modules to function properly.
Does OpenSearch, which we are also employing as our indexer, need a different URL?  

ModulesWAZUH.png

chris

unread,
May 29, 2024, 5:07:44 AM5/29/24
to Wazuh | Mailing List
Dear Team,

Could you please  help on above request ?

Reply all
Reply to author
Forward
0 new messages