Skip to main content
Red Canary help

Networking / Firewall Requirements

  • Updated .

Enterprise Networking Requirements

Available in sensor version 1.2.4+

Enterprise Networking is enabled by default in all Linux EDR instances and may be leveraged to connect to a limited range of addresses. This allows you to connect to a single Red Canary domain, https://cwp-ingest.redcanary.io, for delivery of all telemetry and health and error reporting. This is available in any paid Linux EDR account.

Configuration

Add the following keys to /opt/redcanary/config.json. Both are required for enabling enterprise networking. These values are available in Red Canary under Endpoints > Deploy Sensors or at https://go.my.redcanary.co/endpoints/deploy_sensors.

  • outpost_auth_token
  • offload_target

Sample config.json

{
   "access_token":"xxxxxxxxxxxxxx",
   "subscription_plan":"Managed",
   "outpost_auth_token":"xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx",
   "offload_target":"Outpost"
}

 

Migrating from Standard to Enterprise Networking

If you are already using Red Canary Linux EDR without Enterprise Networking, you can migrate to it by adding the outpost_auth_token and offload_target to your config.json file, and restarting the service. You must be on sensor version 1.2.4 or above to use Enterprise Networking.

Sample config.json

{
   "access_token":"xxxxxxxxxxxxxx",
   "subscription_plan":"Managed",
   "outpost_auth_token":"xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx",
   "offload_target":"Outpost"
}

Restart Service

Once the new configuration is saved, restart the service for enterprise networking to take effect.

systemctl restart cfsvcd

Allow-list Domain

Please allow-list https://cwp-ingest.redcanary.io.

Verification

If there are any issues, check the sensor log file for errors relating to Outpost and reach out for support if needed. You can contact us in your dedicated Slack channel or at support@redcanary.com

Log File

/opt/redcanary/cf_system_log.csv

 

Standard Networking Requirements

If you do not want to use Enterprise Networking for any reason or are on a sensor version older than 1.2.4, Red Canary also supports standard networking. The following will need to be allowed in your firewall.

Outbound network connectivity
  • s3-us-east-2.amazonaws.com (tcp/443) 
  • 35.188.42.15 (tcp/443) 
  • 34.120.195.249 (tcp/443) 

You will also need to remove the offload_target and outpost_auth_token from your config.json file:

{
   "access_token":"xxxxxxxxxxxxxx",
   "subscription_plan":"Managed"
}

Proxy Support

To utilize a SOCKS proxy:
  • Set the HTTPS_PROXY or HTTP_PROXY environment variables
  • Or, add the following to config.json: "http_proxy": "https://HOST:PORT"

 

Comments

0 comments

Please sign in to leave a comment.