I deployed an Elastic Stack with Endpoint Security in my Lab and now I looked at the communication and some communication is clear to me, like:
But I have a lot of communication from the Metricbeat of Endpoint Security to the IP 184.108.40.206 which is a public ip with the dns ( 172-0-0-1.lightspeed.brhmal.sbcglobal[.]net) according to Talos. Does anyone know for what this communication is?
Is there anywhere a ressource/documentation on the internet communication of the Elastic Stack components and mabye how to use it in an offline environment?
Thanks a lot! Cheers Steven