Rogue Machine
Note
Rogue Machine Event Monitor
The Rogue Machine Event Monitor scans the network for new devices that may have connected without permission.
info
Overview
The Rogue Machine Event Monitor searches your network for unrecognized systems.
Use Cases
- Detecting new systems that have connected to the network
Monitoring Options
This event monitor provides the following options:
- Look for rogues in the local NetBIOS network: Search in the local NetBIOS tables for unrecognized systems.
- Look for rogues in the following IP ranges: Specify IP address ranges where the event monitor will search for unrecognized systems.
- Use ICMP pings to detect rogues: Use ICMP pings to detect unrecognized systems. This is one of the best detection methods.
- Use ARP requests to detect rogues: Use ARP requests to detect unrecognized systems. This is effective only on the local subnet.
- Use HTTP requests to detect rogues: Use HTTP requests to detect unrecognized systems hosting web servers.
- Use SNMP requests to detect rogues: Use SNMP requests to detect unrecognized systems, including networking equipment.
- Alert with [Warning/Error/Critical] about changes in the list of found rogues since the last run: Alert if there are changes in the list of found systems compared to the last run.
- Don't alert about these devices: Exclude selected devices from alerts.
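The last two options (alerting on changes since the last run, and the exclusion list) come down to a set comparison over what the probes found. The sketch below is an added example, not the product's own code: the names `Sighting`, `find_rogues` and `compare_runs`, the choice to key devices by MAC with an IP fallback, and all sample data are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}")

@dataclass(frozen=True)
class Sighting:
    ip: str
    method: str    # "icmp", "arp", "http", "snmp" or "netbios"
    mac: str = ""  # only ARP on the local subnet supplies a MAC

def normalize_mac(value):
    """Return a lower-case, colon-separated MAC, or "" if value is not a MAC."""
    v = value.strip().lower()
    return v.replace("-", ":") if MAC_RE.fullmatch(v) else ""

def find_rogues(sightings, known, ignored):
    """Map each unrecognized device to the set of probe methods that saw it."""
    skip = {normalize_mac(k) or k for k in (*known, *ignored)}
    # Merge probes of one host: if any probe gave a MAC for an IP, use the MAC
    # as the device key so an ARP hit and an HTTP hit count as one device.
    ip_to_mac = {s.ip: m for s in sightings if (m := normalize_mac(s.mac))}
    rogues = {}
    for s in sightings:
        key = ip_to_mac.get(s.ip) or s.ip
        if key in skip or s.ip in skip:
            continue  # inventoried, or listed under "Don't alert about these devices"
        rogues.setdefault(key, set()).add(s.method)
    return rogues

def compare_runs(previous, current):
    """Change since the last run, plus the value of the Rogue Count data point."""
    return {"appeared": sorted(set(current) - set(previous)),
            "disappeared": sorted(set(previous) - set(current)),
            "rogue_count": len(current)}

# Constructed sample data (not taken from a real network).
KNOWN = {"00-11-22-33-44-55"}             # inventoried workstation
IGNORED = {"10.0.0.250"}                  # device excluded from alerts
PREVIOUS = {"10.0.0.99": {"icmp"}}        # rogues found by the last run
SAMPLE_SCAN = [
    Sighting("10.0.0.10", "arp", "00:11:22:33:44:55"),
    Sighting("10.0.0.10", "icmp"),
    Sighting("10.0.0.77", "arp", "02:00:5E:00:00:01"),
    Sighting("10.0.0.77", "http"),
    Sighting("10.0.0.250", "snmp"),
    Sighting("10.0.1.9", "icmp"),         # remote subnet: no MAC available
]

if __name__ == "__main__":
    print(compare_runs(PREVIOUS, find_rogues(SAMPLE_SCAN, KNOWN, IGNORED)))
```

Hosts outside the local subnet can only be keyed by IP address here, so a DHCP lease change on such a host shows up as one device disappearing and another appearing.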
Authentication and Security
This event monitor does not require any authentication.
Protocols
Data Points
This event monitor generates the following data points:
| Data Point | Description |
|---|---|
| Rogue Count | The number of rogues detected. |