This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SOPHOS INTERCEPT X - PORT SCAN DETECTION

Greetings very good afternoon community!

I have a question.
Is the endpoint capable of detecting and reporting a port scan? That it has been executed on the network and towards computers that have the Endpoint installed? I have seen that the Sophos Firewall does detect them but I have no endpoint alerts

This thread was automatically locked due to age.

Top Replies

Matthew Ritchie 10 months ago +2

If you have XDR (or better yet, MDR), with your Data Lake Uploads enabled, it will appear as a Detection item and be available. As for Intercept X Advanced reporting a port scan occuring, it wont. However…

Parents

0 Maxim-Sophos 10 months ago

I do not believe Intercept X is currently configured to detect local port scans. In theory, it's possible that the IPS engine (in early access) might be able to detect scans. However, I don't know that SophosLabs has prioritized this over more urgent network protection like lateral movement of malware or command & control traffic.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 Maxim-Sophos 10 months ago

I do not believe Intercept X is currently configured to detect local port scans. In theory, it's possible that the IPS engine (in early access) might be able to detect scans. However, I don't know that SophosLabs has prioritized this over more urgent network protection like lateral movement of malware or command & control traffic.
Cancel
Vote Up +1 Vote Down

Cancel

Children

No Data