Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > User Device Tracker (UDT) > UDT Administrator Guide > Common tasks with SolarWinds UDT > See Rogue Endpoint connections in real-time

See Rogue Endpoint connections in real-time

Table of contents
No headers
Created by Steven Bansil_ret, last modified by Steven Bansil_ret on Jan 20, 2017

Views: 11 Votes: 0 Revisions: 2

Scenario: White List is set up but you want real-time or near real-time alerts when a rogue device connects to the network.

Set up your devices to send connection-related traps to the UDT server. UDT checks the database for trap-related information at set intervals. If an endpoint connects to a UDT device, and the endpoint is not on the White List, UDT posts an alert in the Web Console.

  • The following instructions are for Cisco devices only.
  • You can remove device configurations by running a given command with no in front of it. For example, no set logging server ip_address removes that target from the remote logging stream.

To enable your Cisco devices to send trap messages:

  1. Open a command line in config mode on your device.
  2. Execute the commands from the examples, changing the IP address to match your UDT server.

    Traps (IOS)

    snmp-server host 10.110.68.33 public config

    snmp trap mac-notification change added

    snmp trap mac-notification change removed

    Traps (CatOS)

    set snmp trap 10.110.68.33 public config

    snmp trap mac-notification change added

    snmp trap mac-notification change removed

  3. Open the UDT Settings on the UDT server (Settings > UDT Settings).
  4. Click Advanced Settings.
  5. Enter a value (in seconds) under MAC Notification Processing Inverval for the frequency with which you want UDT to check for new trap messages.
  6. Click Save.
  • To verify your setup, connect a device to the network that is not on the UDT White List.
  • Wait for the time you allotted in Step 5, and then check the Active Alerts and All Triggered Alerts resource for an entry that shows the MAC address of the device you just connected.
 
Last modified
20:37, 19 Jan 2017

Tags

Classifications

Public