Using the Security Intelligence Center (SIC)

Hi. I'm trying to determine if a particular port if open between a source IP and a destination IP. In the SIC, I'm entering the IP in the IPs section for each and the particular protocol and port. I have been using Restrict to real hosts (instead of All IPs or Empty Host Space) but I'm not certain of the distinction between the three. Can you explain?

1reply Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Sure - in your case, since you already know the specific, individual IP's you want to use, you probably want to leave this setting on the default "All IP's".

    The other two settings make sense when you're querying to a whole destination subnet, or even larger things (like, say, a topology group).  What these settings let you do is ask "how many known, scanned hosts in the destination are accessible?", or the inverse, "how many open IP's are there that do not have any scanned hosts in them?".  These are useful when you only want to know about access if it lands on a host you know about, or the reverse problem, where you're curious to find locations that may have a host that hasn't been scanned.

    In your case, you already know the individual destination IP, so "All IP's" means "leave my query alone, answer just for the IP I asked you".  It won't check for the presence (or absence) of any scan data at that IP.

    And of course, you can choose whether to do an Access query, or a Detailed Path, depending on how much detail you need.

    Reply Like
Like Follow
  • 9 mths agoLast active
  • 1Replies
  • 311Views
  • 2 Following