Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard (formerly CB Defense, standalone or combined)
- Enterprise EDR (formerly CB ThreatHunter, standalone or combined)
- Carbon Black Cloud (Windows/macOS/Linux) Sensor: All Versions
- Linux: All Supported Versions
- macOS: All Supported Versions
- Microsoft Windows: All Supported Versions
Question
If an external/remote host attempts to connect to a local host (with the Sensor installed) via a port that is closed on the local host, will the attempted connection show up in the Console?
Answer
No. The Carbon Black Cloud Sensor only monitors and reports on connections which have been established and will not show attempted inbound connections to a closed port.
Example:
remoteHost (without Sensor) attempts to connect to localHost (with Sensor) via localHost port 23 (Telnet) which has been closed
No connection from remoteHost to localHost:23 will be visible in Console as network connection/netconn was not established
Additional Notes
- Inbound connections only show in Console if established
- Attempted connection to closed port is never established
- Outbound connections from endpoint with Sensor to remote hosts will all be shown in Console
Related Content