Analytics Story: Asset Tracking
Description
Keep a careful inventory of every asset on your network to make it easier to detect rogue devices. Unauthorized/unmanaged devices could be an indication of malicious behavior that should be investigated further.
Why it matters
This Analytic Story is designed to help you develop a better understanding of which authorized and unauthorized devices are part of your enterprise. It can help you better categorize and classify assets, providing critical business context and awareness of your assets during an incident. Information derived from this Analytic Story can be used to better inform and support other analytic stories. For successful detection, you will need to leverage the Assets and Identity Framework from Enterprise Security to populate your known assets.
Detections
Name | Technique | Type |
---|---|---|
Detect Unauthorized Assets by MAC address | None | TTP |
Data Sources
Name | Platform | Sourcetype | Source |
---|---|---|---|
References
Source: GitHub | Version: 1