Hello all,
I am not quite sure how to go about getting an accurate depiction of my network through the use of UDT. Since not every device on the network is monitored as a node (1000+), not all of them have a hostname associated with them, but rather a MAC and IP. In an effort to avoid whitelisting everything, I created a few additional rules to whitelist items that match up with our naming conventions. This still leaves the hostname-less devices out there, and as far as I understand it, a device must pass a hostname, MAC, and IP rule to be automatically whitelisted.
In addition to some devices not having a hostname, many of the MAC addresses that are popping up in the rogue device list are actually MAC addresses assigned to specific ports on different switches. This is effectively creating a false positive for us, since that switch is already monitored but is still populating several "rogue" devices. Is there a way to clean this up? Or is there a way to whitelist everything that is seen at this moment and have that as sort of a "baseline" for the network?
Thanks in advance!