This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

UDT - Rogue Devices

I have a approved Whitelist using DNS names, which shows to have 200 odd devices in the list.

When I look at the rogue devices, there are >300 listed and on closer inspection some of them are devices which are in my allowed list (some have multiple NIC's).

Why is the correlation not working correctly, I see a similar issue if I use IP addresses.



  • Endpoints are group with IP, DNS and MAC.  If you only created a whitelist for DNS, but the endpoint is detected on the MAC address level, it will still be rogue device.  The most basic information that UDT gathers is the MAC address, it would be best to create whitelist using the MAC addresses.