Skip navigation

ADDM Custom Query needed to show local and remote network connections with discovered process, service, software instance (or candidate) and device hostnames

score 10
You have not voted. Not Planned

Need a custom query that reports

  1. Local and remote end of an observed communication, by IP, hostname/device/printer, protocol and port # and session state.
  2. Shows initiating host/device on the LEFT and accepting (listening) HOST on the right.
  3. Discovered PROCESS details
  4. Discovered SERVICE ( where applicable )
  5. Discovered SOFTWARE INSTANCE ( where available )
  6. Discovered CANDIDATE SOFTWARE INSTANCE (where available)
  7. Includes communications with UNSCANNED IP's
  8. Do not show duplicate records ( A->B , without the associated B->A _ record for the same IP/port pairs


Only need the NetworkConnections discovered during the last 1 to 5 successful scans.

This is for a small network , of say 500 devices.


I think this is basically a custom query that does what Visualization shows.


Objective is to export DATA FLOW diagrams that represent 'end to end' discovery about which software/process/services/ports are involved in each session between two devices.

Example report attached


Vote history