Thanks for reaching out to the Sophos Community Forum. With Sophos Live Discover, it is possible to run a query for this information from Sophos Central.
The following query will show you the currently open/active network sockets on the given device.
SELECT (
CASE family
WHEN 2 THEN 'IP4'
WHEN 10 THEN 'IP6'
ELSE family END
) AS family, (
CASE protocol
WHEN 6 THEN 'TCP'
WHEN 17 THEN 'UDP'
ELSE protocol END
) AS protocol, local_address, local_port,
remote_address, remote_port
FROM process_open_sockets
WHERE family IN (2, 10)
AND protocol IN (6, 17)
In addition to data/tables specific to Sophos, Live Discover uses the open-source Osquery Schema to give you access to additional tables. You can find more information on this in the following link. - Sophos Schema
