Try in Splunk Security Cloud

Description

Keep a careful inventory of every asset on your network to make it easier to detect rogue devices. Unauthorized/unmanaged devices could be an indication of malicious behavior that should be investigated further.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Network_Sessions
  • Last Updated: 2017-09-13
  • Author: Bhavin Patel, Splunk
  • ID: 91c676cf-0b23-438d-abee-f6335e1fce77

Narrative

This Analytic Story is designed to help you develop a better understanding of what authorized and unauthorized devices are part of your enterprise. This story can help you better categorize and classify assets, providing critical business context and awareness of their assets during an incident. Information derived from this Analytic Story can be used to better inform and support other analytic stories. For successful detection, you will need to leverage the Assets and Identity Framework from Enterprise Security to populate your known assets.

Detections

Name Technique Type
Detect Unauthorized Assets by MAC address None TTP

Reference

source | version: 1