Skip to main content
Skip table of contents

Least Privileged User: DX, Windows


The Data Indexer accepts logs for indexing, reads lists from EMDB, and returns log data upon request from the Web Console and Client Console.

Shared Services

N/A. At this time, Linux-based Data Indexers do not share data storage or any other resource outside the Data Indexer environment.

Registry Access 

Read ControlWrite OwnerWrite DACDeleteCreate LinkEnumerate SubkeysSet ValueQuery ValueFull ControlChildren Inherent
HKEY_LOCAL_MACHINE/ SYSTEM/CurrentControlSet/ services/lr-bulldozerX


HKEY_LOCAL_MACHINE/ SYSTEM/CurrentControlSet/ services/lr-carpenterX


HKEY_LOCAL_MACHINE/ SYSTEM/CurrentControlSet/ services/lr-columboX


HKEY_LOCAL_MACHINE/ SYSTEM/CurrentControlSet/ services/lr-elasticsearchX


HKEY_LOCAL_MACHINE/ SYSTEM/CurrentControlSet/ services/lr-gomaintainX


HKEY_LOCAL_MACHINE/ SYSTEM/CurrentControlSet/ services/lr-transporterX


HKEY_LOCAL_MACHINE/ SYSTEM/CurrentControlSet/ services/lr-watchtowerX


Database Access

The Elasticsearch database is accessed through service layers only, and user context is tied to the services.

Database access to the EMDB is controlled through specific services executing calls to the Platform Manager on port 1433.


Micro-ServiceProtocolDestination PortDirectionOperating SystemPurpose
BulldozerTCP1433Outbound from DX to PMWindowsSQL Server access to EMDB
CarpenterTCP1433Outbound from DX to PMWindowsSQL Server access to EMDB
ColumboTCP13130Inbound to DXWindowsWeb Console/Client Console queries
TCP13132Inbound to DXWindowsWeb Console Threat Activity Map port (GumShoe)
ElasticSearchTCP9200DX Local OnlyWindowsCurl queries to Elasticsearch
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.