
Live Discover Query to identify application trying to access specific remote port

Hi

I want to detect what program on a Windows PC with Sophos Endpoint is trying to access a service running on a specific port on other equipment in my network.

Is it possible to do that in Sophos Central, with Live Discover?



  • FormerMember
    0 FormerMember

    If I am correct in what you want - use the Processes with an open network connection query in Live Discover - it lists out the processes, their pid, the local and remote ports. 
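
A sketch of the kind of query this answer describes, added here as an example; it is not taken from the thread and is not Sophos's own canned query. It assumes only the standard osquery tables `processes` and `process_open_sockets` (Live Discover is built on osquery), with port 161 taken from the SNMP case raised in this thread.

```sql
-- Added example: which local process holds a socket to a given remote port.
-- Sees only sockets that are open at the moment the query runs.
-- 161 is the SNMP port from this thread; change it for another service.
SELECT
    p.pid,
    p.name,
    p.path,
    p.cmdline,
    p.parent          AS parent_pid,
    CASE s.protocol
        WHEN 6  THEN 'tcp'
        WHEN 17 THEN 'udp'
        ELSE CAST(s.protocol AS TEXT)
    END               AS proto,
    s.local_address,
    s.local_port,
    s.remote_address,
    s.remote_port
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
WHERE s.remote_port = 161
   -- SNMP runs over UDP. An unconnected UDP socket has no peer recorded,
   -- so it reports remote_port 0; list those on ephemeral local ports too,
   -- as candidates to review by process name and path.
   OR (s.protocol = 17 AND s.remote_port = 0 AND s.local_port > 1023)
ORDER BY p.name, s.local_port;
```

The second `WHERE` branch is deliberately broad and will return unrelated UDP sockets; drop it when the service being traced uses TCP.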

  • Very interesting query, but it shows only open connections. The connection I'm trying to identify is closed now. Machine A scans SNMP (port 161) on machine B. What application on machine A did it? Can Endpoint + Live Discover track it for me?

  • FormerMember
    0 FormerMember in reply to Tiago Bianchini1

    If you are looking to investigate something in the past then you would have to get our XDR product, which has a data lake that retains the data for a specified amount of days. Live Discover is a 'What's happening RIGHT NOW' service. All the data available in Live Discover is available in the data lake.

  • Thank you, with your suggestion, I've found what I was looking for:

    "Network activity of a process on a specific remote port (Data Lake)"

    Unfortunately, I didn't find information for the PC I was analysing. Where can I find what data, and from what machine, are going to the Sophos Data Lake?