I want to detect which program on a Windows PC with Sophos Endpoint is trying to access a service running on a specific port on other equipment in my network.
Is it possible to do that in Sophos Central, with Live Discover?
If I am correct in what you want, use the "Processes with an open network connection" query in Live Discover. It lists the processes, their PIDs, and the local and remote ports.
Program Manager, Support Readiness | CISSP | Sophos Technical Support
Very interesting query, but it shows only open connections. The connection I'm trying to identify is closed now. Machine A scans SNMP (port 161) on machine B. What application on machine A did it? Can Endpoint + Live Discover track it for me?
If you are looking to investigate something in the past, then you would have to get our XDR product, which has a data lake that retains the data for a specified number of days. Live Discover is a 'What's happening RIGHT NOW' service. All the data available in Live Discover is available in the data lake.
Thank you, with your suggestion, I've found what I was looking for:
"Network activity of a process on a specific remote port (Data Lake)"
Unfortunately, I didn't find information for the PC I was analysing. Where can I find what data, and from what machine, is going to the Sophos Data Lake?