Network Communications

The following sections provide information on the internal and external network communications of the managers and collectors within a fully functional MetaDefender NDR deployment. Generally speaking, the MetaDefender NDR collectors do the majority of their communication with or through the MetaDefender NDR manager.

Internal (East/West) Network Communications (encrypted unless otherwise stated)

Analyst/Admin Workstation -> MetaDefender NDR Manager TCP/443
Admin Workstation -> MetaDefender NDR Manager TCP/22
InQuMetaDefender NDRest Manager -> MetaDefender NDR Collector TCP/22
MetaDefender NDR Manager -> OPSWAT MetaDefender TCP/8008
MetaDefender NDR Collector -> OPSWAT MetaDefender TCP/8008 *
MetaDefender NDR Collector -> MetaDefender NDR Manager:8118 -> OPSWAT MetaDefender:8008 **
MetaDefender NDR Collector -> MetaDefender NDR Manager:8118 -> Proxy:3128 -> OPSWAT MetaDefender:8008 ***
MetaDefender NDR Manager -> Cuckoo TCP/8090
MetaDefender NDR Manager -> FireEye AX TCP/443
MetaDefender NDR Manager -> Joe Sandbox TCP/443
MetaDefender NDR Manager -> VMRay TCP/443
MetaDefender NDR Manager -> WildFire Sandbox TCP/443
MetaDefender NDR Manager -> TippingPoint SMS TCP/443
MetaDefender NDR Manager -> SIEM UDP/514 (unencrypted)
MetaDefender NDR Manager -> DNS Server UDP/53 (unencrypted)
MetaDefender NDR Manager -> CIFS/SMB Server TCP/139 TCP/445
MetaDefender NDR Collector -> MetaDefender NDR Manager TCP/22 TCP/3306 TCP/8118
MetaDefender NDR Collector -> DNS Server UDP/53 (unencrypted)
ICAP Integrations -> MetaDefender NDR Manager TCP/11344

External (North/South) Network Communications

MetaDefender NDR Manager -> MetaDefender NDR eyelet.inquest.net TCP/443
MetaDefender NDR Manager -> MetaDefender NDR updates.inquest.net TCP/443
MetaDefender NDR Manager -> MetaDefender NDR timesync1.inquest.net TCP/80
MetaDefender NDR Manager -> MetaDefender NDR timesync2.inquest.net TCP/80
MetaDefender NDR Manager -> MetaDefender NDR vault.inquest.net TCP/443
MetaDefender NDR Manager -> VirusTotal virustotal.com TCP/443
MetaDefender NDR Manager -> Joe Sandbox jbxcloud.joesecurity.org TCP/443
MetaDefender NDR Manager -> VMRay cloud.vmray.com TCP/443
MetaDefender NDR Manager -> CrowdStrike Falcon Sandbox reverse.it TCP/443
MetaDefender NDR Manager -> Wildfire Sandbox wildfire.paloaltonetworks.com TCP/443
If the integration option "OPSWAT InQuest Controls: Use global proxy settings" is disabled for the OPSWAT integration, OPSWAT communication will be direct from the MetaDefender NDR Collector to the OPSWAT MetaDefender.

** If the integration option "OPSWAT InQuest Controls: Use global proxy settings" is enabled for the OPSWAT integration, and no upstream proxy is configured on the MetaDefender NDR Manager, OPSWAT communication will originate from the MetaDefender NDR Collector, go through the MetaDefender NDR Manager and then to the OPSWAT MetaDefender Core.

*** If the integration option "OPSWAT InQuest Controls: Use global proxy settings" is enabled for the OPSWAT integration, and the upstream proxy is configured on the MetaDefender NDR Manager, OPSWAT communication will originate from the MetaDefender NDR Collector, go through the MetaDefender NDR Manager, then go through the Proxy and then to the OPSWAT MetaDefender.

Last updated on

Was this page helpful?