Skip to main content

Integration API Ports

Review a full list of protocols and ports required for add-ons or any queries leveraging Netwrix Auditor Integration API.

  • Allow outbound connections from the dynamic (1024 - 65535) local port on the computer where Netwrix Auditor Server resides.
  • Allow outbound connections to remote ports on the source and inbound connections to local ports on the target.

On any computer you plan to host the add-on (source), allow outbound connections to remote 9699 TCP port. On the computer where Netwrix Auditor Server resides (target), allow inbound connections to local 9699 TCP port.

Add-onPortProtocolSourceTargetPurpose
All add-ons or queries9699TCPScript or query hostNetwrix Auditor  ServerThe default Netwrix Auditor Integration API port. However, you can configure another TCP port for that purpose.
AlienVault USM53UDP/TCPScript hostDNS ServerDNS Client
Amazon Web Services443TCPScript hostAmazon Web Services
53UDP/TCPScript hostDNS serverDNS Client
- Event Log Export - IBM QRadar - Intel Security - LogRhythm - SolarWinds Log & Event Manager - Splunk53UDP/TCPScript hostDNS serverDNS Client
CEF Export53UDP/TCPScript hostDNS serverDNS Client
- Cisco Network Devices - Privileged User Monitoring - General Linux Syslog514UDPCisco network devicesService hostThe default port for Cisco network devices remote Syslog logging. However, you can configure another UDP port for that purpose.
53UDPService hostDNS serverDNS Client
HPE ArcSight515TCPScript hostArcSight Logger
514UDPScript hostArcSight Logger
53UDP/TCPScript hostDNS serverDNS Client
53UDPScript hostDNS serverDNS Client
RADIUS Server139TCPScript hostRADIUS serverRPC/NP Eventlog
445TCPScript hostRADIUS serverRPC/NP Eventlog
137UDPScript hostRADIUS serverRPC/NP Eventlog
138UDPScript hostRADIUS serverRPC/NP Eventlog
135TCPScript hostRADIUS serverRPC Endpoint Mapper Eventlog
1024 – 65535 (Dynamically assigned)TCPScript hostRADIUS serverRPC Eventlog
53UDP/TCPScript hostDNS serverDNS Client