How to use Defender Endpoint to find versions of SSL and TLS on the network

PCVan 1 Reputation point
2021-05-27T16:19:25.51+00:00

I'd like to use Defender Endpoint to identify all open SSL and TLS ports, and the versions of SSL and TLS on them, on the network covered by Defender Endpoint. Can that be done with a Kusto query? If so, what is the query? I've been looking in the query interface itself, plus GitHub and web searches, and can't find anything.

Or, is there another way of finding that information in the Defender Endpoint web interface?

Thanks


1 answer

  1. VipulSparsh-MSFT 16,306 Reputation points Microsoft Employee
    2021-06-01T19:45:55.293+00:00

    @PCVan Thanks for reaching out and apologies for the delay. I checked this in my setup.

    We do not do packet level analysis to find the cryptographic HTTPS connections. The most you can see is if the connection was HTTPS or HTTP and the port 443 if HTTPS and port 80 if HTTP. You will not be able to find the SSL or TLS version with this.

    That kind of information needs in-depth network monitoring tools.
    Currently you will be able to get the port number pertaining to HTTPS or HTTP:

    [Image: 101483-image.png]

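An advanced hunting query showing the port-level view the answer describes, as an added example that is not part of the original answer or its screenshot. It assumes the `DeviceNetworkEvents` table; the 7-day window and the port list are arbitrary choices. It reports which devices listen on or connect to ports 80 and 443, and returns nothing about the negotiated SSL/TLS version.

```kusto
// Added example, not from the original answer.
// Assumptions: 7-day lookback; "web" ports limited to 80 and 443.
let lookback = 7d;
let webPorts = dynamic([80, 443]);
DeviceNetworkEvents
| where Timestamp > ago(lookback)
| where ActionType in ("ListeningConnectionCreated",
                       "InboundConnectionAccepted",
                       "ConnectionSuccess")
// Listening/inbound events carry the service port in LocalPort;
// outbound connections carry it in RemotePort.
| extend Direction   = iff(ActionType == "ConnectionSuccess", "Outbound", "Inbound"),
         ServicePort = iff(ActionType == "ConnectionSuccess", RemotePort, LocalPort)
| where ServicePort in (webPorts)
// Port-based label only: the table has no TLS handshake details.
| extend Scheme = iff(ServicePort == 443, "HTTPS (port 443)", "HTTP (port 80)")
| summarize Events    = count(),
            Processes = make_set(InitiatingProcessFileName, 10),
            Peers     = dcount(RemoteIP),
            LastSeen  = max(Timestamp)
    by DeviceName, Direction, Scheme
| order by DeviceName asc, Direction asc
```

The `Inbound` rows are the starting list of hosts to hand to a network-level tool that can inspect the TLS handshake.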