Hi,
Is there any option to detect internal network port scans from within the network or networks? Like for example using nmap or netcat or others from inside the local network, not from a wan source.
I'm posting this in endpoint as well.
Thanks,
Hi,
Is there any option to detect internal network port scans from within the network or networks? Like for example using nmap or netcat or others from inside the local network, not from a wan source.
I'm posting this in endpoint as well.
Thanks,
It's possible that Sophos NDR would detect a port scan, but I don't believe Endpoint or Firewall detect internal network scans.
Hello Wajdiaa,
Thank you for reaching out to the community forum.
If you are using Intercept X Advance with XDR, You can do so with Live Discover.
You may refer to this community, Reads. Port scan detection using Sophos Firewall data in the Data Lake
This will give you a good overview of all "scans" in your network or from WAN.
Good call-out, Glenn! I'm still not sure whether Sophos Firewall detects port scans on internal adapters or only external. If it does, the port scan would have to include the firewall's internal IP address. This is an advantage of an NDR appliance, which monitors all traffic within an internal network.