.. _preset.rst:

Pre-Requisites for Anomaly Detection
====================================

To detect anomalies, Administrators need to preconfigure components such as the Network Sensor or Agent.

Anomaly Detection Mechanism
---------------------------

Anomalies are detected by the Sensor or the Agent. To detect anomalies, both Sensor and Agent must be preconfigured.
If anomalies are detected by the **Agent**, Administrators should assign the appropriate Agent action under the Node Policy.

.. list-table::
   :widths: 2 3 5
   :header-rows: 1

   * - Anomalies ID
     - Detection Mechanism
     - Required Configuration
   * - Multi-Homed / Ad hoc Network
     - Agent
     - Collect Network Information Agent plugin
   * - ARP Bomb
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - Spoofed ARP
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - MAC+IP Clone
     - Network Sensor / Agent (ARP Spoofing)
     - Enable Network Sensor MAC + IP Clone Detection
   * - Malware Detection
     - Agent
     - Collect Malware Information Agent plugin
   * - Port Scanning
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - SNMP Disabled
     - Policy Server
     - SNMP Trap Options
   * - Rogue DHCP Server Detection
     - Network Sensor
     - Network Sensor DHCP Server Scan
   * - Sensor MAC Clones
     - Network Sensor
     - Network Sensor MAC + IP Clone Detection
   * - Unauthorized Service Request
     - Network Sensor
     - Add Virtual IP to Sensor Interface
   * - Rogue Gateway
     - Agent
     - Collect Network Information Agent plugin

Configuration Details
---------------------

Add Virtual IP to Sensor Interface
''''''''''''''''''''''''''''''''''

- Refer to: `Add Virtual IP to Sensor Interface`_

.. _Add Virtual IP to Sensor Interface: https://docs.genians.com/release/en/system/virtual.html

Configuring Network Sensor DHCP Server Scan
'''''''''''''''''''''''''''''''''''''''''''

#. Go to **System** in the top panel
#. Go to **System > Sensor** in the left Policy panel
#. Find the **Sensor** and click its **Checkbox**
#. Click **Tasks > Edit Network Sensor Settings**
#. Go to **Sensor Settings > Network Scan > DHCP Server Scan** and choose **On** to enable the feature
#. Click ``save``

Configuring Policy Server SNMP Trap Options
'''''''''''''''''''''''''''''''''''''''''''

#. Go to **Preferences** in the top panel
#. Go to **General > Log** in the left Policy panel
#. Go to **Log > SNMP Trap Options > SNMP Trap** and choose **On** to enable the feature
#. Enter the **Community String**
#. Click ``Update``

Configuring Network Sensor MAC + IP Clone Detection
'''''''''''''''''''''''''''''''''''''''''''''''''''

#. Go to **System** in the top panel
#. Go to **System > Sensor** in the left Policy panel
#. Find the **Sensor** and click its **Checkbox**
#. Click **Tasks > Edit Network Sensor Settings**
#. Go to **Sensor Settings > Node Status Scan > MAC+IP Clone Detection** and choose **On** to enable the feature
#. Click ``save``