
Live Discover Query to identify application trying to access specific remote port

Hi

I want to detect what program on a Windows PC with Sophos Endpoint is trying to access a service running on a specific port on other equipment in my network.

Is it possible to do that in Sophos Central, with Live Discover?



  • FormerMember
    0 FormerMember

    If I am correct in what you want - use the Processes with an open network connection query in Live Discover - it lists out the processes, their pid, the local and remote ports. 

  • Very interesting query, but it shows only open connections. The connection I'm trying to identify is closed now. Machine A scans SNMP (port 161) on machine B. What application on machine A did it? Can Endpoint + Live Discover track it for me?

  • FormerMember
    0 FormerMember in reply to Tiago Bianchini1

    If you are looking to investigate something in the past then you would have to get our XDR product, which has a data lake that retains the data for a specified number of days. Live Discover is a 'What's happening RIGHT NOW' service. All the data available in Live Discover is available in the data lake.
