0 Replies Latest reply on Jul 30, 2013 12:19 PM by don_c

    Questions about establishing a white list baseline

    don_c

      I've recently installed UDT, and I'd like to use it to find rogue devices on the network in order to satisfy an audit requirement.  I'm wondering how I can add responding devices in a particular subnet to the white list, but not add new devices as they come online.  For example, I've added a subnet, 10.63.49.0/24, to the white list.  UDT has found about 70 responding IP's in that network. I'd like for those 70 nodes to be in the whitelist, but for any other devices that come up on the 10.63.49.0/24 network to be considered rogue.  My question:  when I add devices to the white list by subnet or by range, is the entire /24 range added to the whitelist, or just the 70 responding IP addresses?  If this action adds the entire /24 network, what is the best way to go about whitelisting just those 70 responding nodes, other than the one-by-one method, which wouldn't scale to all of the other /24's I need to add outside of this example?

       

      Thank you.