Hello, I would like to have a "matching" sensor checking for devices that should not be on a subnet / behind a probe.
- Give a HIGH ALERT notification
- Give as many details as possible about that device (start collecting and logging).
- Give the option to add the detected strange device to a "safe-list for that probe" or add it to the active monitoring.
- The safe list must be easily accessible so users can review the list every now and then.
- A report template for incident or anomaly detection with a risk diagram (network info, types of protocols used by the device, to what devices the strange device has been talking, etc.).
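
A sketch of the matching logic requested above, as an added example that is not part of the original post and not the product's own code: observations from a probe are checked against a per-probe safe list, and each unknown device yields one HIGH alert carrying the IPs, protocols and peers seen for it. The record layout, the names `SAFE_LIST`, `MONITORED`, `find_unknown_devices` and `approve`, and all sample values are constructed assumptions.

```python
# Constructed per-probe lists (hypothetical MAC addresses, stored lowercase).
SAFE_LIST = {"probe-1": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
MONITORED = {"probe-1": set()}

# Constructed observations: (probe, src_mac, src_ip, dst_ip, protocol).
OBSERVATIONS = [
    ("probe-1", "aa:bb:cc:00:00:01", "10.0.0.10", "10.0.0.1", "dns"),
    ("probe-1", "de:ad:be:ef:00:99", "10.0.0.77", "10.0.0.10", "smb"),
    ("probe-1", "de:ad:be:ef:00:99", "10.0.0.77", "10.0.0.1", "dns"),
    ("probe-1", "AA:BB:CC:00:00:02", "10.0.0.11", "10.0.0.1", "ntp"),
]


def find_unknown_devices(observations, safe_list, monitored):
    """Return one HIGH alert per (probe, MAC) that is on neither list."""
    alerts = {}
    for probe, mac, src_ip, dst_ip, proto in observations:
        mac = mac.lower()  # normalise case so list lookups are consistent
        known = safe_list.get(probe, set()) | monitored.get(probe, set())
        if mac in known:
            continue
        # First sighting creates the alert; later sightings enrich it.
        alert = alerts.setdefault((probe, mac), {
            "severity": "HIGH", "probe": probe, "mac": mac,
            "ips": set(), "protocols": set(), "peers": set(),
        })
        alert["ips"].add(src_ip)
        alert["protocols"].add(proto)
        alert["peers"].add(dst_ip)
    return list(alerts.values())


def approve(probe, mac, safe_list):
    """Add a reviewed device to the safe list for one probe only."""
    safe_list.setdefault(probe, set()).add(mac.lower())


if __name__ == "__main__":
    for a in find_unknown_devices(OBSERVATIONS, SAFE_LIST, MONITORED):
        print(a["severity"], a["probe"], a["mac"],
              sorted(a["ips"]), sorted(a["protocols"]), sorted(a["peers"]))
```

A device can change its MAC address, so a safe-list match shows only that the address is known, not that the device is the one originally approved.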