Log search to locate a purloined laptop

Good morning. I have a long lost asset which is phoning home to Rapid7 when it gets turned on, but the logs I see are only showing Windows startup processes. Is there a key which would point out what private IP address it’s being assigned on connection, or maybe does Rapid7 record the public IP address a computer connects from when it phones home?

I have quarantined the computer, so the possessor will soon own a brick. Still, it’d be nice to know where it is.

Thanks again!

In the Agent Details in the Agent list, I see private & public IP, as well as last seen, deploy date, etc…


1 Like

EXCELLENT. Thank you so much, you delivered exactly the result I needed!!