The main configuration and operational area that may require troubleshooting are checking that the ports required to communicate with the Secureworks platform are open without conflicts. The IP ranges that we used for configuring VDR are:
UDP outbound on the specified port visible in Secureworks® Taegis™ VDR’s Interface towards 74.217.31.64/26 and 216.9.204.0/22 The current list of Red Cloak required ports are:
Source | Destination | Port/Protocol | Reason |
Red Cloak Endpoint Agent | 52.4.62.128/25, 54.244.50.128/25 (cluster.b.redcloak.secureworks.com) | TCP/443, TCP/17234 | Red Cloak Endpoint Agent Connectivity |
Red Cloak Endpoint Agent | https://redcloak.secureworks.com | TCP/443 | Remote Agent Upgrade performed by Secureworks Support |
F-Response US | 3.232.239.2 (fresponse-us1.ir.secureworks.com) | TCP/80 | Required for safelist in the US |
F-Response EU | 3.71.228.46 (fresponse-eu1.ir.secureworks.com) | TCP/80 | Required for safelist in the EU |
To get the latest required ports and release information see https://docs.ctpx.secureworks.com/.