The list of TCP ports used in SOCtools, as available from the outside:
## Web interfaces
| port | description |
| ----: | ----------- |
| 5601 | Kibana |
| 6443 | MISP |
| 8888 | haproxy-stats (login: `haproxy`, password is in `secrets/passwords/haproxy`)
| 9000 | TheHive |
| ?? | Cortex |
| 9443 | NiFi web GUI |
| 12443 | Keycloak |
TODO others?
TODO open to anyone / local only?
## Data ingestion
The following port ranges are opened by haproxy to allow receiving data from external systems. These ports are forwarded to NiFi nodes. So, a processor in NiFi can listen on these ports and receive data from other systems.
TODO
Notes: According to haproxy.cfg, the followng ports are forwarded to NiFi:
- 7750-7760 (tcp)
- 7771 (tcp)
- 5000-5020 (http)
- 6000-6020 (tcp)
In fact, I can connect (using `nc`) to these ports 7750, 5000-5099, 6000-6099 (i.e. not 7751-7760, 7771; on the other hand, the 50??,60?? ranges are wider, I don't know where they are pointed to).
Ports already used or reserved for ingesting specific data into the system via NiFi:
| port | description |
| ----: | ----------- |
TODO (e.g. port(s) used for preconfigured ListenBeats data)
