I want to detect what program on a Windows PC with Sophos Endpoint is trying to access a service running at a specific port on other equipment in my network.
Is it possible to do that with Sophos Central, with Live Discover?
So, to clarify: you are looking for outbound connections to port XXXXX from a specific client?
If I am correct in what you want - use the Processes with an open network connection query in Live Discover - it lists out the processes, their pid, the local and remote ports.
Very interesting query, but it shows only open connections. The connection I'm trying to identify is closed now. Machine A scans SNMP (port 161) on machine B. What application on machine A did it? Can Endpoint + Live Discover track it for me?
If you are looking to investigate something in the past, then you would have to get our XDR product, which has a data lake that retains the data for a specified number of days. Live Discover is a 'What's happening RIGHT NOW' service. All the data available in Live Discover is available in the data lake.
Thank you, with your suggestion, I've found what I was looking for:
"Network activity of a process on a specific remote port (Data Lake)"
Unfortunately, I didn't find information for the PC I was analysing. Where can I find what data, and from what machine, is going to the Sophos Data Lake?