Want this feature implemented, too? Please upvote by clicking Thumbs up!
As a PRTG user, I want to have a "matching" sensor checking for devices that should not be on a subnet/ behind a probe. The match can be made with the devices that are in the active monitoring tree under a probe.
Details of user story
The whole view on security is rapidly changing, not only the outside layers must be protected but also from the inside there should be automated tests to check for strange behaviour. PRTG should be a core part of internal security checking because it's already in place and had this potential for sure.
- Give a HIGH ALERT notification
- Give as much as possible details about that device (start collecting and logging).
- Give the option to add the detected strange device on a "safe-list for that probe" or add it to the active monitoring.
- The safe list must be easy accessible so users can review the list so now and then.
- A report template for incident or anomalie detection with a risk diagram (network info, types of protocols used by the device, to what devices the strange device has been talking etc etc)