I'm trying to find a way to detect new or rogue machines that are plugged in to our network.
I thought I might be able to do this with DHCP, but some of our locations use Unifi USGs that serve DHCP, rather than getting it from our Domain controllers.
My next thoguht was maybe to detect new DNS creation, but I guess that might have a bit of a lag.
Basically, I just want to know if someone has plugged something into our network (for certain subnets).
I simple NAC.
What's the best way to do this please? I just wanted an alert to be emailed out.