Good Day !
We are looking for an effective method to track approved open ports for hosts that are ip scanned and unauthenticated. Approval must be based on port AND ip address.
We have looked at utilizing the authorized / unauthorized ports reporting capability however that is only useful when you are saying port 12345 is approved on all ip addresses.
Perfect world we would like to do the following:
1. Create a baseline ( ip address & port)
2. Report on any deviations from that baseline
Open to suggestions / ideas !