In many cases, we are using the BlockBox as part of a larger consulting or analysis project, and our analysts need the collected data sent back from the appliance(s) to do their work. Receiving this data during a deployment is also of great assistance in troubleshooting a discovery.
The appliance has a built-in ability to upload data and, by default, sends it over SSL (port 443) to one of our Tier 4 datacenters, depending on the region of the customer. This upload can be scheduled, or enabled/disabled, on the main settings page of the BlockBox.
If "The Combine" setting is enabled, you can set how often data is uploaded from the appliance.
Do I need to unblock anything to allow this data out of my network?
It depends. Most organizations allow outbound traffic over port 443, so in most cases you won't need to do anything. If you are blocking outbound SSL traffic, here are some steps you can take to ensure the smooth flow of data:
- The most manageable solution for our customers is to open outbound HTTPS (TCP port 443) from the BlockBox appliance(s) to the internet
- If the firewall/IPS technology allows DNS-named resources, just open outbound HTTPS from the BlockBox appliance(s) to combine.block64.com
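To confirm which of these rules is actually in effect, the check below can be run from a host on the same network segment as the appliance. It is an added example written for this article, not Block64 code; the function name and the stage labels ("dns", "tcp", "tls", "ok") are assumptions of the example.

```python
import socket
import ssl

COMBINE_HOST = "combine.block64.com"  # upload endpoint named in this article
COMBINE_PORT = 443                    # outbound HTTPS


def check_egress(host=COMBINE_HOST, port=COMBINE_PORT, timeout=5.0):
    """Return (stage, detail): stage is 'ok' or the first step that failed."""
    # Step 1: DNS. A failure here means the name cannot be resolved at all,
    # so a DNS-named firewall rule would have nothing to match either.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    addr = infos[0][4][:2]  # (ip, port) of the first resolved address

    # Step 2: TCP. A refusal or timeout points at a firewall/IPS egress rule
    # that does not yet allow port 443 from this segment.
    try:
        raw = socket.create_connection(addr, timeout=timeout)
    except OSError as exc:
        return ("tcp", f"{addr[0]}:{addr[1]} {exc}")

    # Step 3: TLS with certificate and hostname verification. A failure here
    # often means a device in the path is intercepting or dropping HTTPS
    # even though the port itself is open.
    ctx = ssl.create_default_context()
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", f"{addr[0]} {tls.version()}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", str(exc))


if __name__ == "__main__":
    stage, detail = check_egress()
    print(f"{COMBINE_HOST}:{COMBINE_PORT} -> {stage}: {detail}")
```

A result of "tcp" means the outbound rule is still missing, while "tls" means port 443 is open but the encrypted session is not reaching the endpoint intact.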
I don't want my data to leave, but I need to aggregate data from multiple appliances.
We support that! For customers whose data simply needs to stay on-prem, but whose deployment involves multiple appliances, all of the appliances can push to, and aggregate on, an 'aggregator' appliance. Any appliance in your setup can perform double duty as both a discovery node and an aggregator. Once the 'Combine' switch has been disabled, you can specify, if needed, which local appliance should act as the aggregator.
What if I want to send you data periodically for analysis or support, but not on an ongoing basis?
No problem! You can choose to send a payload from the appliance at any time from the Utilities menu, by clicking 'Send DB to the Combine'.
If you have any further questions or concerns, please let us know at email@example.com.