| Minimum Software Version | 8.17.X |
| Solution(s) | Cases International ✓ Cases US ✓ Institutions ⨉ Counsel ⨉ |
Overview
Uncover is an AI-powered feature introduced in Opus 2 Platform Version 8.17, designed to work alongside the existing Workbench application. It is delivered securely within the Opus 2 platform via an embedded iframe and supports real-time streaming responses in Focused View.
In some environments, corporate security tools (for example, remote browser isolation or web proxies such as ZScaler RBI) may prevent Focused View from loading or streaming correctly. This is typically resolved by allowlisting the required endpoints.
This guide outlines exactly what needs to be whitelisted and answers common IT and security questions about the traffic, protocols, and data flow.
What Needs to Be Whitelisted
To ensure Focused View (Uncover) functions correctly, please allowlist the following endpoints.
Required URLs
Uncover application
https://us.east.1.uncover.legal
WebSocket (AWS IoT Core – us-east-1 regional endpoint)
wss://a18hyosz89kelb-ats.iot.us-east-1.amazonaws.com/mqtt
Protocols & Ports
| Purpose | Protocol | Port |
|---|---|---|
| Application Access | HTTPS | 443 |
| Real-time streaming | WSS (Websocket over TLS) | 443 |
No additional ports are required.
Common Questions from IT & Security Teams
What is Focused View and why does it use WebSockets?
Focused View displays real-time streaming responses from Uncover while a user is actively interacting with the assistant. To support this, the browser establishes a secure, persistent WebSocket connection during the session.
This enables:
- Low-latency streaming responses
- Improved user experience for AI-generated content
- No polling or background services
Is the connection inbound or outbound?
The connection is outbound only.
- The user’s browser initiates the HTTPS and WebSocket connections
- No connections are initiated into your internal network
- Focused View only consumes messages from the service
Is the WebSocket connection persistent?
Yes, but only for the duration of the user session.
- A connection is opened when Focused View is used
- It remains open while the session is active
- It is terminated automatically when:
- The session ends
- The page is refreshed
- The browser tab is closed
If a new Focused View session is started, a new connection is established.
What technology is used for WebSocket communication?
- WebSockets are established using an MQTT JavaScript library
- Messages are structured and streamed using JSON
- Each AI response is delivered via a dedicated, short-lived topic
Subscriptions are dynamically created and removed as responses are streamed.
How is access secured?
Security is enforced at multiple levels:
- The AWS IoT Core endpoint is regional, not global
- A custom authorizer validates:
- Tenant identity
- Workspace context
- User session tokens
- Users can only subscribe to topics they are explicitly authorised to access
This does not expose your network to general AWS IoT traffic.
Does this allow access to all AWS IoT Core traffic?
No.
- The endpoint is specific to Opus 2.
- It is restricted by:
- A regional endpoint
- A custom authorisation layer
- Allowlisting this endpoint does not permit access to other AWS IoT services or tenants
Are there any redirects involved?
No.
- The Uncover application does not perform URL redirects
- All traffic is contained within the URLs listed above
Does Focused View require bidirectional data transfer?
The WebSocket connection is technically bidirectional, but in practice:
- The browser sends subscription and session metadata
- Focused View only receives streamed responses
- No background data uploads or file transfers occur
Will TLS inspection or web proxy inspection cause issues?
In some environments, TLS inspection or remote browser isolation may interfere with WebSocket (WSS) connections.
If users experience:
- A blank Focused View panel
- Focused View loading indefinitely
- Streaming responses failing to appear
We recommend:
- Allowlisting the endpoints above
- Bypassing deep inspection for this traffic where possible
Summary
To enable Focused View:
- Allowlist two URLs
- Permit HTTPS and WSS over port 443
- Ensure WebSocket traffic is not blocked or terminated by security tooling
If your IT or Security team would like additional technical clarification, Opus 2 Platform Support is happy to engage directly.