Hi - extremely new to EH
I'm trying to discover all the printers in an environment. My initial thought was to identify all destinations that were sent TCP:9100 packets to narrow this down. Is there an easier way to achieve this outcome?
If not - is this possible with a trigger? I'm thinking it best to start with the TCP_OPEN event restricted to TCP:9100. However, from there, I'm uncertain how to surface only those devices which are printers (not the TX devices like PCs and Servers).
I hope this makes sense.
Any help at all is appreciated while I stumble through the JSON I have so far!