Need a custom query that reports
- Local and remote end of an observed communication, by IP, hostname/device/printer, protocol and port # and session state.
- Shows initiating host/device on the LEFT and accepting (listening) HOST on the right.
- Discovered PROCESS details
- Discovered SERVICE ( where applicable )
- Discovered SOFTWARE INSTANCE ( where available )
- Discovered CANDIDATE SOFTWARE INSTANCE (where available)
- Includes communications with UNSCANNED IP's
- Do not show duplicate records ( A->B , without the associated B->A _ record for the same IP/port pairs
Only need the NetworkConnections discovered during the last 1 to 5 successful scans.
This is for a small network , of say 500 devices.
I think this is basically a custom query that does what Visualization shows.
Objective is to export DATA FLOW diagrams that represent 'end to end' discovery about which software/process/services/ports are involved in each session between two devices.
Example report attached