Elastic Endpoint Security - Unknown Internet Connections

Hi everyone,

I deployed an Elastic Stack with Endpoint Security in my lab, and I have now looked at the communication. Some of it is clear to me, like:

telemetry.elastic[.]co
epr.elastic[.]co
artifacts.security.elastic[.]co

But I have a lot of communication from the Metricbeat of Endpoint Security to the IP 172.0.0.1, which is a public IP with the DNS (172-0-0-1.lightspeed.brhmal.sbcglobal[.]net) according to Talos. Does anyone know what this communication is for?

Is there a resource/documentation anywhere on the internet communication of the Elastic Stack components, and maybe on how to use it in an offline environment?

Thanks a lot! Cheers Steven

1 Like

Hi @RafnexJr

Different Elastic applications on your computer will communicate locally with each other; that traffic happens over the IP address 127.0.0.1. Maybe you're seeing that traffic and transposed 127 to 172 when you did your lookup?

1 Like
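An added example, not part of the original thread and not Elastic code: a small triage helper that sorts observed destination addresses into loopback, private, link-local and public before any reputation lookup, and flags a public address whose first octet is a digit shuffle of 127. The flow list, the process names in it and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges plus IPv6 unique-local. Note 172.16.0.0/12 covers only 172.16-172.31.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of (process, destination) pairs; not data from the thread.
SAMPLE_FLOWS = [
    ("metricbeat", "127.0.0.1"),
    ("metricbeat", "127.0.0.1"),
    ("metricbeat", "172.0.0.1"),
    ("elastic-agent", "172.16.5.10"),
    ("elastic-agent", "10.0.0.5"),
    ("elastic-endpoint", "::1"),
]

def classify(addr):
    """Return 'loopback', 'private', 'link-local' or 'public' for an IP string."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:                      # 127.0.0.0/8 and ::1 never leave the host
        return "loopback"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if ip.is_link_local:
        return "link-local"
    return "public"

def looks_like_loopback_typo(addr):
    """Heuristic: public IPv4 address whose first octet rearranges the digits of 127."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4 or classify(addr) != "public":
        return False
    return sorted(addr.split(".")[0]) == sorted("127")

def summarize(flows):
    """Group unique (process, destination) pairs by address class."""
    groups = defaultdict(set)
    for proc, dst in flows:
        groups[classify(dst)].add((proc, dst))
    return {cls: sorted(pairs) for cls, pairs in groups.items()}

if __name__ == "__main__":
    for cls, pairs in summarize(SAMPLE_FLOWS).items():
        for proc, dst in pairs:
            hint = "  <- check for a 127.x transcription error" if looks_like_loopback_typo(dst) else ""
            print(f"{cls:10} {proc:18} {dst}{hint}")
```

Only the entries that come out as `public` need an external lookup; a flagged one is worth re-reading in the raw capture first.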
