.. _preset.rst:

Pre-Requisites for Anomaly Detection
====================================
To detect anomalies, administrators must first preconfigure the detecting components, such as the Network Sensor or the Agent.


Anomaly Detection Mechanism
---------------------------

Anomalies are detected by the Sensor or the Agent.

To detect anomalies, both the Sensor and the Agent must be preconfigured.

If anomalies are detected by the **Agent**, administrators should assign
the appropriate Agent action under the Node Policy.

.. list-table::
   :widths: 2 3 5
   :header-rows: 1

   * - Anomaly ID
     - Detection Mechanism
     - Required Configuration
   * - Multi-Homed / Ad hoc Network
     - Agent
     - Collect Network Information Agent plugin
   * - ARP Bomb
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - Spoofed ARP
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - MAC+IP Clone
     - Network Sensor / Agent (ARP Spoofing)
     - Enable Network Sensor MAC + IP Clone Detection
   * - Malware Detection
     - Agent
     - Collect Malware Information Agent plugin
   * - Port Scanning
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - SNMP Disabled
     - Policy Server
     - SNMP Trap Options
   * - Rogue DHCP Server Detection
     - Network Sensor
     - Network Sensor DHCP Server Scan
   * - Sensor MAC Clones
     - Network Sensor
     - Network Sensor MAC + IP Clone Detection
   * - Unauthorized Service Request
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - Rogue Gateway
     - Agent
     - Collect Network Information Agent plugin


Configuration Details
---------------------

Add Virtual IP to Sensor Interface
''''''''''''''''''''''''''''''''''

- Refer to: `Add Virtual IP to Sensor Interface`_

.. _Add Virtual IP to Sensor Interface: https://docs.genians.com/release/en/system/virtual.html

Configuring Network Sensor DHCP Server Scan
'''''''''''''''''''''''''''''''''''''''''''

#. Go to **System** in the top panel
#. Go to **System > Sensor** in the left Policy panel
#. Find the **Sensor** and click its **Checkbox**
#. Click **Tasks > Edit Network Sensor Settings**
#. Go to **Sensor Settings > Network Scan > DHCP Server Scan** and choose **On** to enable the feature
#. Click ``save``

Configuring Policy Server SNMP Trap Options
'''''''''''''''''''''''''''''''''''''''''''

#. Go to **Preferences** in the top panel
#. Go to **General > Log** in the left Policy panel
#. Go to **Log > SNMP Trap Options > SNMP Trap** and choose **On** to enable the feature
#. Enter the **Community String**
#. Click ``Update``

Configuring Network Sensor MAC + IP Clone Detection
'''''''''''''''''''''''''''''''''''''''''''''''''''

#. Go to **System** in the top panel
#. Go to **System > Sensor** in the left Policy panel
#. Find the **Sensor** and click its **Checkbox**
#. Click **Tasks > Edit Network Sensor Settings**
#. Go to **Sensor Settings > Node Status Scan > MAC+IP Clone Detection** and choose **On** to enable the feature
#. Click ``save``