PCVan-0141 asked vipulsparsh-MSFT answered

How to use Defender Endpoint to find versions of SSL and TLS on the network

I'd like to use Defender Endpoint to identify all open SSL and TLS ports, and the versions of SSL and TLS on them, on the network covered by Defender Endpoint. Can that be done with a Kusto query? If so, what is the query? I've been looking in the query interface itself, plus GitHub and web searches, and can't find anything.

Or, is there another way of finding that information in the Defender Endpoint web interface?

Thanks

azure-security-center

@PCVan-0141 Thanks for reaching out, let me check on this and get back to you.


1 Answer

vipulsparsh-MSFT answered

@PCVan-0141 Thanks for reaching out, and apologies for the delay. I checked this in my setup.

We do not do packet-level analysis to find the cryptographic HTTPS connections. The most you can see is if the connection was HTTPS or HTTP and the port 443 if HTTPS and port 80 if HTTP. You will not be able to find the SSL or TLS version with this.

That kind of information needs in-depth network monitoring tools.
Currently you will be able to get the port number pertaining to HTTPS or HTTP:

101483-image.png


If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
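
A port-level advanced hunting query along the lines the answer describes, added here as an example; it is not the query from the answer's screenshot. It uses the `DeviceNetworkEvents` table and, as assumptions, a 7-day window, ports 80 and 443 only, and the reading of `ConnectionSuccess` as outbound traffic. The scheme label is inferred from the port number alone, and no SSL or TLS version is available from this table.

```kusto
// Added example: port-level view only. The Scheme column is a guess
// based on the port number; the negotiated SSL/TLS version is not recorded.
DeviceNetworkEvents
| where Timestamp > ago(7d)                       // assumed look-back window
| where ActionType in ("ListeningConnectionCreated",
                       "InboundConnectionAccepted",
                       "ConnectionSuccess")
// Listening and inbound events are keyed on the local port,
// successful connections (assumed outbound) on the remote port.
| extend Direction = iff(ActionType == "ConnectionSuccess", "Outbound", "Inbound/Listening"),
         Port      = iff(ActionType == "ConnectionSuccess", RemotePort, LocalPort)
| where Port in (80, 443)
| extend Scheme = iff(Port == 443, "HTTPS (assumed from port)", "HTTP (assumed from port)")
| summarize Events    = count(),
            Processes = make_set(InitiatingProcessFileName, 10),
            LastSeen  = max(Timestamp)
    by DeviceName, Direction, Port, Scheme
| order by DeviceName asc, Port asc
```

Services running TLS on other ports do not appear unless those ports are added to the `Port in (...)` filter.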


