Good morning. I have a long lost asset which is phoning home to Rapid7 when it gets turned on, but the logs I see are only showing Windows startup processes. Is there a key which would point out what private IP address it’s being assigned on connection, or maybe does Rapid7 record the public IP address a computer connects from when it phones home?
I have quarantined the computer, so the possessor will soon own a brick. Still, it’d be nice to know where it is.
Thanks again!
eg