Skip to main content
Skip table of contents

Least Privileged User: DX, Linux


The Data Indexer accepts logs for indexing, reads lists from the EMDBs, and returns log data upon request from the Web Console and Client Console.

Shared Services

N/A. At this time, Linux-based Data Indexers do not share data storage or any other resource outside the Data Indexer environment.

Registry Access

N/A. The Linux-based Data Indexer uses alternate mechanisms for persistent settings.

Database Access

The Elasticsearch database is accessed through service layers only, and user context is tied to the services.

Database access to the EMDB is controlled through specific services executing calls to the Platform Manager on port 1433.


Data Indexer port configuration is handled automatically on the Data Indexer. All required ports are explicitly opened in the Linux firewall. All other ports are explicitly blocked.

Micro-ServiceProtocolDestination PortDirectionOperating SystemPurpose
BulldozerTCP1433Outbound from DX to PM


SQL Server access to EMDB
CarpenterTCP1433Outbound from DX to PM


SQL Server access to EMDB
ColumboTCP13130Inbound to DX


Web Console/Client Console queries
TCP13132Inbound to DXLinuxWeb Console Threat Activity Map port (GumShoe)
ElasticSearchTCP9200DX Local Only


Curl queries to Elasticsearch
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.