Sensitive Port Monitoring
Continuous monitoring of risky and customer-specified network ports on your public assets, with findings in the report and alerts when a port that should not be exposed appears on the internet.
WASViking® Sensitive Port Monitoring watches the network ports exposed on your public assets and raises a finding when a port that should not be reachable from the internet is open. It covers a built-in list of high-risk ports and any additional ports you specify.
Ports get exposed for ordinary reasons: an internal team opens a database port for a quick test, a firewall rule is loosened during an incident, a new host ships with a default service enabled. These changes often outlive their purpose and are never reviewed. Sensitive Port Monitoring is the control that catches them.
Two ways a port is checked
During a scan. When WASViking scans an asset, it inspects the ports it observes and turns risky open ports into findings in the report, with a severity bump for ports that are sensitive by nature. This is part of the normal scan output.
Continuously, outside the scan. WASViking also checks the sensitive ports for your assets on a recurring schedule, independent of when you run a scan. If a sensitive port that was closed becomes open between scans, you are alerted without having to wait for the next scan to run. This is what turns port hygiene from a point-in-time check into ongoing monitoring.
What counts as a sensitive port
WASViking ships with a baseline of ports that should generally not be exposed to the public internet:
| Port | Service |
|---|---|
| 22, 2222 | SSH |
| 3389 | RDP |
| 23 | Telnet |
| 3306 | MySQL |
| 5432 | PostgreSQL |
| 1433 | MSSQL |
| 27017 | MongoDB |
| 6379 | Redis |
| 9200 | Elasticsearch |
| 11211 | Memcached |
| 445 | SMB |
On top of this baseline you can add your own ports. Use this for services specific to your environment that you want held to the same standard, for example an admin panel, a message broker, or an internal API that must never be reachable from outside.
Configure the ports you care about
Add custom ports under Settings → System Settings → Notifications &
Alerts → Sensitive Port – Monitored Ports. Enter port numbers
separated by commas, for example 21,25,1433.
List additional ports to be monitored, separated by commas.
Your custom ports are monitored in addition to the built-in baseline, not instead of it. Leaving the field empty still monitors the baseline.
Alerting
When a sensitive port is found open, WASViking routes a Sensitive Port alert to the channels you have configured. Set up delivery under Alerts → Notification Channels (email, Slack, Microsoft Teams, or an API webhook). See Notification Channels for the channel and event model.
The alert tells you which host and port are exposed so the team can decide whether the exposure is intended and, if not, close it.
What turns into a Finding
An open sensitive port is promoted to a Finding in the category
exposed_port, titled like Sensitive port exposed: SSH (22/tcp).
Findings created from both the in-scan check and the continuous monitor
are reconciled to the same host and port, so you do not get duplicates
for the same exposure.
These findings follow the standard Findings workflow: status transitions, audit log, Risk Score, and webhook events. A sensitive port also raises the Risk Exposure score on the asset in Assets Inventory.
What it does not do
- It does not close ports for you. WASViking detects and alerts. Closing the port is an action for your team or your firewall.
- It is not a full network port scan. The monitor focuses on the
sensitive and customer-specified ports, not an exhaustive 0-65535
sweep. For broader infrastructure coverage, use the
networkscan profile. See Scan profiles.
Where it lives in the portal
- Settings → System Settings → Notifications & Alerts: the Sensitive Port monitored-ports list.
- Alerts → Notification Channels: where Sensitive Port alerts are delivered.
- Findings: filter by category
exposed_port. - Scan reports: in-scan port findings appear with the rest of the scan output.