Questions about establishing a white list baseline
I've recently installed UDT, and I'd like to use it to find rogue devices on the network in order to satisfy an audit requirement. I'm wondering how I can add responding devices in a particular subnet to the white list, but not add new devices as they come online. For example, I've added a subnet, 10.63.49.0/24, to the white list. UDT has found about 70 responding IP's in that network. I'd like for those 70 nodes to be in the whitelist, but for any other devices that come up on the 10.63.49.0/24 network to be considered rogue. My question: when I add devices to the white list by subnet or by range, is the entire /24 range added to the whitelist, or just the 70 responding IP addresses? If this action adds the entire /24 network, what is the best way to go about whitelisting just those 70 responding nodes, other than the one-by-one method, which wouldn't scale to all of the other /24's I need to add outside of this example?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.