ADDM Custom Query needed to show local and remote network connections with discovered process, service, software instance (or candidate) and device hostnames

Not Planned

Need a custom query that reports

  1. Local and remote end of an observed communication, by IP, hostname/device/printer, protocol, port number and session state.
  2. Shows initiating host/device on the LEFT and accepting (listening) HOST on the right.
  3. Discovered PROCESS details
  4. Discovered SERVICE (where applicable)
  5. Discovered SOFTWARE INSTANCE (where available)
  6. Discovered CANDIDATE SOFTWARE INSTANCE (where available)
  7. Includes communications with UNSCANNED IPs
  8. Do not show duplicate records (A->B, without the associated B->A record for the same IP/port pairs)

Only need the NetworkConnections discovered during the last 1 to 5 successful scans.

This is for a small network, of say 500 devices.

I think this is basically a custom query that does what Visualization shows.

Objective is to export DATA FLOW diagrams that represent 'end to end' discovery about which software/process/services/ports are involved in each session between two devices.

Example report attached
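The orientation and de-duplication rules in items 2, 7 and 8 can be applied to exported connection rows outside the tool. The following is an added example, not part of the original post and not ADDM query syntax: the record layout, field names, sample rows and the lower-port fallback are all assumptions, and only the process column is carried through.

```python
# Constructed sample rows (not ADDM output): each is one scanned host's view
# of a connection, with its own end as "local" and the peer as "remote".
OBSERVATIONS = [
    {"local": ("10.0.0.5", 49152), "remote": ("10.0.0.9", 1521),
     "proto": "tcp", "state": "ESTABLISHED", "process": "java"},
    {"local": ("10.0.0.9", 1521), "remote": ("10.0.0.5", 49152),
     "proto": "tcp", "state": "ESTABLISHED", "process": "tnslsnr"},
    {"local": ("10.0.0.5", 49200), "remote": ("192.0.2.44", 443),
     "proto": "tcp", "state": "ESTABLISHED", "process": "curl"},
]
LISTENING = {("10.0.0.9", "tcp", 1521)}            # (ip, proto, port) seen listening
HOSTNAMES = {"10.0.0.5": "app01", "10.0.0.9": "db01"}  # scanned hosts only


def orient(obs, listening):
    """Return (initiator, acceptor, side_that_reported) for one row."""
    local, remote, proto = obs["local"], obs["remote"], obs["proto"]
    if (local[0], proto, local[1]) in listening:
        return remote, local, "acceptor"
    if (remote[0], proto, remote[1]) in listening:
        return local, remote, "initiator"
    # Assumed fallback when no listening data exists (e.g. unscanned peer):
    # treat the lower port number as the accepting end.
    if local[1] < remote[1]:
        return remote, local, "acceptor"
    return local, remote, "initiator"


def build_flows(observations, listening, hostnames):
    """Merge A->B and B->A rows into one flow, initiator left, acceptor right."""
    flows = {}
    for obs in observations:
        initiator, acceptor, side = orient(obs, listening)
        key = (initiator, acceptor, obs["proto"])
        flow = flows.setdefault(key, {
            "initiator_host": hostnames.get(initiator[0], "unscanned"),
            "initiator": initiator, "initiator_process": None,
            "acceptor_host": hostnames.get(acceptor[0], "unscanned"),
            "acceptor": acceptor, "acceptor_process": None,
            "proto": obs["proto"], "state": obs["state"],
        })
        flow[side + "_process"] = obs["process"]  # fill the reporting side only
    return list(flows.values())


if __name__ == "__main__":
    for row in build_flows(OBSERVATIONS, LISTENING, HOSTNAMES):
        print(row)
```
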
