Elastic Endpoint Security - Unkown Internet Connections

RafnexJr · May 14, 2021, 9:28am

Hi everyone,

I deployed an Elastic Stack with Endpoint Security in my Lab and now I looked at the communication and some communication is clear to me, like:

telemetry.elastic[.]co
epr.elastic[.]co
artifacts.security.elastic[.]co

But I have a lot of communication from the Metricbeat of Endpoint Security to the IP 172.0.0.1 which is a public ip with the dns ( 172-0-0-1.lightspeed.brhmal.sbcglobal[.]net) according to Talos. Does anyone know for what this communication is?

Is there anywhere a ressource/documentation on the internet communication of the Elastic Stack components and mabye how to use it in an offline environment?

Thanks a lot! Cheers Steven

ferullo · May 14, 2021, 6:00pm

Hi @RafnexJr

Different Elastic applications on your computer will communicate locally with each other, that traffic happens over the IP address 127.0.0.1. Maybe you're seeing that traffic and transposed 127 to 172 when you did your lookup?

system · June 11, 2021, 6:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to connect elastic from public address Elasticsearch	7	1870	September 24, 2020
Elastic Endpoint Security with Elastic Agent Endpoint Security	16	3038	November 10, 2020
Elastic Endpoint Security missing host Endpoint Security	21	3538	November 4, 2020
Will Endpoint Security work offline? Endpoint Security	2	475	March 22, 2021
Elastic Security Endpoint Security Elastic Security	1	271	August 24, 2022

Elastic Endpoint Security - Unkown Internet Connections

Related topics