This bundle provides a dashboard, alerts, and a trigger to monitor and report on unauthorized or sensitive ports, protocols, and services (PPS). Leverage ExtraHop's new EX Records and search function along with our Visual Query Language to quickly observe and report on the specific time, volume, frequency, and L2 through L7 details of the flagged flows.
Increase your visibility into FTP files, users, and commands as well as Telnet users and commands by leveraging ExtraHop's built-in L7 protocol decoders and EX Records. FTP and Telnet were chosen because they are unencrypted, sometimes used for nefarious purposes, and often scrutinized by security personnel. More L7 protocols can easily be referenced within the PPS trigger, since we natively decode many more. See the extensive list of supported protocols at https://www.extrahop.com/resources/protocols/
The included trigger can be quickly edited to add, remove, or modify the list of protocols that are monitored as part of this bundle.
Requirements: ExtraHop Discover and EXA Appliance (Version 5.0)
- After bundle installation, apply the SENSITIVE PPS trigger to those devices that you wish to monitor.
- Go to METRICS and RECORD QUERIES and click on the SENSITIVE PPS saved query. Note in your browser's URL bar the number specified after "/Records/".
- In the Sensitive PPS Dashboard, edit the text widget with the PPS table listing and change the # in "/Records/#" to the number you retrieved earlier.