Steph_M
asked on
How to find a redirect in a repage - New Relic
Last week our firewall reports identified a new SaaS application in use: New Relic going to bam.nr-data.net/
I know what the application does, I just don't know how it got there.
We've tried pulling PCAPs, firewall reports, asking app dev if they installed it, asking the vendor if someone is paying for it, even searching for redirects to the site in Windows.
Experts, can you please provide some recommendations on how else to find the source of the redirect?
Some tools we have available: Wireshark, firewall, endpoint clients, SCCM, lite SIEM, unfortunately no web application firewall.
Regards,
Steph
Yep.
But if the ports are already released then you have no chance to track down what process has fired.
Therefore my proposal was to get and hold the requestor ports by a dummy application.
ASKER
Well, I am going to give you the win because your plan worked but my co-worker found a different way to accomplish it.
He downloaded TCPView and logged into some of our applications and sites until the IP showed up; that showed the process that was running. Turns out the 3rd party we use to manage our VOIP installed the app on their system.
Thanks for the help.
SM
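The connection-to-process lookup that TCPView gave interactively can also be logged by polling the TCP table, which helps when the connection is short-lived. This is an added example, not part of the original thread; the poll interval, run time and CSV path are assumptions.

```powershell
# Added example: record which process owns any TCP connection to the
# host named in the question. Run elevated on the suspect workstation.
# Assumed values: 30-minute run, 500 ms poll, CSV written to %TEMP%.
$TargetHost = 'bam.nr-data.net'
$OutFile    = Join-Path $env:TEMP 'nr-data-connections.csv'   # hypothetical path
$Deadline   = (Get-Date).AddMinutes(30)
$Seen       = @{}   # de-duplicate on PID + remote endpoint

while ((Get-Date) -lt $Deadline) {
    # Re-resolve on every pass: the host may rotate addresses.
    # CNAME records carry no IPAddress, so they are filtered out here.
    $ips = @(Resolve-DnsName -Name $TargetHost -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } |
             ForEach-Object { $_.IPAddress })

    if ($ips.Count -gt 0) {
        Get-NetTCPConnection -ErrorAction SilentlyContinue |
            Where-Object { $ips -contains $_.RemoteAddress } |
            ForEach-Object {
                $key = '{0}|{1}|{2}' -f $_.OwningProcess, $_.RemoteAddress, $_.RemotePort
                if (-not $Seen.ContainsKey($key)) {
                    $Seen[$key] = $true
                    # PID 0 means the socket is already in TIME_WAIT: the
                    # "ports already released" case, where the owner is gone.
                    $proc = Get-CimInstance Win32_Process `
                                -Filter "ProcessId=$($_.OwningProcess)" `
                                -ErrorAction SilentlyContinue
                    $row = [pscustomobject]@{
                        Time        = (Get-Date).ToString('s')
                        State       = $_.State
                        Remote      = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                        PID         = $_.OwningProcess
                        ParentPID   = $proc.ParentProcessId
                        Name        = $proc.Name
                        Path        = $proc.ExecutablePath
                        CommandLine = $proc.CommandLine
                    }
                    $row | Export-Csv -Path $OutFile -Append -NoTypeInformation
                    $row   # also show the hit on the console
                }
            }
    }
    Start-Sleep -Milliseconds 500
}
```

Polling can still miss a connection that opens and closes between two passes, so rows with PID 0 only confirm that traffic occurred, not which process sent it.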