Least Privileged User: DX, Linux
Purpose
The Data Indexer accepts logs for indexing, reads lists from the EMDBs, and returns log data upon request from the Web Console and Client Console.
Shared Services
N/A. At this time, Linux-based Data Indexers do not share data storage or any other resource outside the Data Indexer environment.
Registry Access
N/A. The Linux-based Data Indexer uses alternate mechanisms for persistent settings.
Database Access
The Elasticsearch database is accessed through service layers only, and user context is tied to the services.
Database access to the EMDB is controlled through specific services executing calls to the Platform Manager on port 1433.
Ports
Data Indexer port configuration is handled automatically on the Data Indexer. All required ports are explicitly opened in the Linux firewall. All other ports are explicitly blocked.
| Micro-Service | Protocol | Destination Port | Direction | Operating System | Purpose |
|---|---|---|---|---|---|
| Bulldozer | TCP | 1433 | Outbound from DX to PM | Linux | SQL Server access to EMDB |
| Carpenter | TCP | 1433 | Outbound from DX to PM | Linux | SQL Server access to EMDB |
| Columbo | TCP | 13130 | Inbound to DX | Linux | Web Console/Client Console queries |
| TCP | 13132 | Inbound to DX | Linux | Web Console Threat Activity Map port (GumShoe) | |
| ElasticSearch | TCP | 9200 | DX Local Only | Linux | Curl queries to Elasticsearch |