-
Notifications
You must be signed in to change notification settings - Fork 10
Ports Reference
Melvin PETIT edited this page Jun 17, 2026
·
1 revision
Default host ports published by each Docker tool, as written in Medusa's compose files. CLI tools have no ports.
| Tool | Module | Port(s) | Protocol / notes |
|---|---|---|---|
| Wazuh Dashboard | SOC | 443 |
HTTPS |
| Wazuh API | SOC | 55000 |
HTTPS |
| Wazuh agents | SOC |
1514, 1515, 514/udp
|
agent / enrollment / syslog |
| OpenCTI | SOC | 8080 |
HTTP |
| MISP | SOC | 443 |
HTTPS |
| DFIR-IRIS | SOC | 4433 |
HTTPS |
| Cortex | SOC | 9001 |
HTTP |
| Velociraptor | SOC |
8889, 8000
|
GUI / agent frontend |
| Shuffle | SOC | 3443 |
HTTP |
| GRR | SOC |
8001, 8010
|
UI / admin |
| Arkime | SOC | 8005 |
HTTP |
| Eramba | GRC | 8443 |
HTTPS |
| CISO Assistant | GRC | 8443 |
HTTP, |
| SimpleRisk | GRC | 8445 |
HTTPS |
| GoPhish Admin | GRC | 3333 |
HTTPS |
| GoPhish Phishing | GRC | 8083 |
HTTP, landing pages |
| Keycloak | Integration | 8180 |
HTTP |
| Vault | Integration | 8200 |
HTTP, dev mode |
| OWASP ZAP | Integration | 8090 |
HTTP, /zap/
|
| Teleport | Integration |
3023, 3080
|
SSH proxy / web |
| Falco | Integration | — | daemon, no web interface |
| Greenbone/OpenVAS | OT | 9392 |
HTTP |
-
8443— Eramba and CISO Assistant. Both publish on8443. Running both simultaneously in the same environment will fail. Deploy them in separate environments that are not running at the same time, or edit one tool's compose file to remap its host port. -
443— Wazuh and MISP. Both bind443. Same caveat applies.
Ports are written into medusa_deployments/<env>/<tool>/docker-compose.yml. To change one, edit the ports: mapping (left side is the host port) and restart:
./medusa.sh restart <tool>When adding a tool, check this table before choosing a port. See Adding-a-Tool.
Next: Troubleshooting · Security
Repository · Issues · Security policy · MIT License
Get running
Concepts
Tool catalog
Reference
Develop