What stays on-prem?
Flow telemetry, attack history, dashboards, reports, BGP state, API logs, configuration, and appliance data remain on the customer-controlled CoreDetection server unless your team exports or shares them.
CoreDetection runs inside your infrastructure, receives flow metadata from your routers, and peers with BGP only when you configure it. This page summarizes the controls enterprise buyers usually review before deployment.
Flow telemetry, attack history, dashboards, reports, BGP state, API logs, configuration, and appliance data remain on the customer-controlled CoreDetection server unless your team exports or shares them.
CoreDetection does not send live traffic or flow telemetry to CoreTech by default. Support data is shared only when your team intentionally provides logs, screenshots, exports, or diagnostic bundles.
Runtime licence validation is local and server-bound. Internet access may be used during installation or updates to download packages, container images, or release metadata when your deployment policy allows it.
Licences are issued for a specific server identity and verified locally. Air-gapped operation is supported after installation and activation steps are completed according to your deployment process.
Keep management surfaces private. The REST API is designed for NOC and automation systems, not direct internet exposure.
| Port | Scope | Purpose |
|---|---|---|
| 2055 / 4739 / 6343 UDP | Inbound from routers | NetFlow, IPFIX, sFlow, and jFlow-compatible telemetry ingest |
| 179 TCP | Between CoreDetection and routers | BGP RTBH / FlowSpec peering when enabled |
| 9009 TCP | Management network only | REST API; do not expose directly to the internet |
| 80 / 443 TCP | Outbound during install or update | Package, image, or update metadata download when allowed |
Retention depends on your storage, reporting, and compliance settings. Size disk for the flow volume and report history you plan to keep, and export or purge reports under your internal retention policy.
Back up configuration, licence material, and reports. For production, test restore procedures before enabling automated BGP response in a new environment.
Report suspected security issues to [email protected]. Include affected version, deployment context, reproduction steps, and logs if safe to share.
Formal PDFs should be generated from approved legal and security templates. Until those files are published, request the current review pack from the CoreDetection team.