Appendix 1c: EDR Services - IP Nos, Host Names and Ports
EDR agents on devices Xcitium communicate with Xcitium servers to receive policy settings, report alerts, upload files. and more.
You need to configure your firewall accordingly to
allow these connections.
Purpose |
Domain |
IPs and Ports |
Miscellaneous |
---|---|---|---|
Valkyrie query and upload |
Valkyrie.Xcitium.com |
52.60.56.170:443, 52.60.198.77:443 |
Valkyrie server domain hardcoded |
FLS query |
p10.fls.security.Xcitium.com |
45.77.153.162:4448 |
FLS server domain hardcoded |
Register and security logs. |
licensing.security.Xcitium.com |
178.255.87.18:443 |
Hardcoded in the code, Wireshark capture traces during installation phase. |
Acquire Valkyrie encrypted key from server |
cmc.Xcitium.com |
178.255.85.135:443 |
Hardcoded in the code, Wireshark capture traces during installation phase. |
Encrypted communications (optional) |
oscp.Xcitiumca.com ocsp.Xcitiumca.com.edgesuite.net |
184.50.87.41:443 184.50.87.75:443 |
Wireshark capture traces during installation phase. Not defined in the solution code. |
Policy, settings and heartbeat |
wtfibam2s5.execute-api.us-west-2.amazonaws.com |
13.33.231.28:443, 13.33.231.89:443, 13.33.231.27:443, 13.33.231.45:443 (variable) |
EDR production server domain hardcoded in solution |
Policy, settings and heartbeat |
6ynhsugqeg.execute-api.us-west-2.amazonaws.com |
13.33.231.65:443, 13.33.231.105:443, 13.33.231.109:443, 13.33.231.39:443 (variable) |
EDR development server domain from edragentsettings.conf |
Policy, settings and heartbeat |
h7tsgu3aej.execute-api.us-west-2.amazonaws.com |
13.33.231.80:443, 13.33.231.90:443, 13.33.231.52:443, 13.33.231.25:443 (variable) |
EDR staging server domain from edragentsettings.conf |
Upload event logs to AWS |
firehose.us-west-2.amazonaws.com |
52.119.165.138:443 52.119.162.196:443 52.119.162.43:443 52.119.169.95:443 52.119.168.237:443 (variable) |
SDK encapsulate the domain information. Extract the domain information from Wireshark monitor. |
-
The EDR agent uses port 443 to communicate over HTTPS with all servers exceptthe Xcitium FLS server, which uses port 4448.