Frequently Asked Questions

We’ve answered the most common questions we get below. If you can’t find an answer to your question here, try our knowledge base or contact us and we would be happy to help.

  • TCP 80: Default port for AIR Console (web-based management console and endpoint connections)
  • TCP 443: Optional port for enabling SSL
  • TCP 4222: Optional port for enabling real-time task pushes to endpoints
  • TCP/UDP 389 and 636: LDAP and LDAPS ports (when Active Directory is enabled)
  • TCP/UDP 514: Syslog port (when Syslog is enabled)
  • TCP 8080: Console Service port (local only)
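
The port list above can be turned into a listener audit for the Console host. The following is an added example, not part of the product or its documentation; it assumes a Linux host where `ss -tlnH` output is available, and the sample output embedded in it is constructed.

```python
import ipaddress

# Ports from the list above: port -> (role, local_only). Only 8080 is "(local only)".
EXPECTED_TCP = {
    80: ("AIR Console", False),
    443: ("SSL", False),
    4222: ("real-time task push", False),
    389: ("LDAP", False),
    636: ("LDAPS", False),
    514: ("Syslog", False),
    8080: ("Console Service", True),
}

# Constructed sample of `ss -tlnH` output (not captured from a real Console host).
SAMPLE_SS = """\
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 [::]:4222 [::]:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) per LISTEN line; handles IPv4, [IPv6] and '*'."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop brackets and %iface scope
        yield ("0.0.0.0" if host == "*" else host), int(port)

def audit(ss_output):
    """Return sorted (port, problem) findings for network-reachable listeners."""
    findings = []
    for host, port in parse_listeners(ss_output):
        if ipaddress.ip_address(host).is_loopback:
            continue  # loopback-bound sockets are not reachable from the network
        rule = EXPECTED_TCP.get(port)
        if rule is None:
            findings.append((port, "not in the documented port list"))
        elif rule[1]:
            findings.append((port, f"{rule[0]} is documented as local only but bound to {host}"))
    return sorted(findings)

if __name__ == "__main__":
    for port, problem in audit(SAMPLE_SS):
        print(f"TCP {port}: {problem}")
```

On a live host, pass the text returned by `ss -tlnH` to `audit()` in place of the sample.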

AIR Endpoints are passive agents, and the Console is battle-tested on networks with up to 30,000 endpoints.

If you are planning to install AIR on a bigger network, please contact [email protected]

AIR uses HTTP as its default protocol. You can enable SSL in the Settings > SSL section.

Once the Use SSL setting is enabled, both the Console and Endpoints will start using HTTPS as their default protocol.

Absolutely! The level of forensic information AIR provides is its biggest differentiator from the rest of the crowd.

This makes AIR a perfect candidate for use side by side with an EDR/XDR product.

Here are some EDR/XDR use-case examples:

  • Eliminating false positives by providing analysts with AIR reports,
  • Investigating precursors,
  • Enriching an alert,
  • Responding to EDR/XDR alerts automatically.

Yes. AIR can be triggered by your SIEM/SOAR product without human intervention.

This makes it a perfect match for responding to alerts you receive from these solutions.

Communication with SIEM products is bi-directional: AIR not only receives alerts/triggers from your SIEM but also reports the actions it performed back to it via the Syslog protocol.

You will see a notification on the Console whenever a new version is released.

Clicking this notification will download the latest version for you to install manually.

There is no auto-update feature in AIR Console.

You don’t. Endpoints update themselves automatically.

Upon installation of a Console update, endpoints receive an update task in response to their first connection and automatically update themselves.