Risk Detection Pre-configuration

To detect risks in Network Sensors and Agents, the detection entities must be configured.

Risk Detection Entities

The entity that detects each risk differs by risk detection item, as listed below. The pre-configuration required before detection works depends on the detection entity.

If the risk detection entity is an Agent, the risk is detected only when the node action is assigned to the Node Policy.

Risk Detection ID              | Risk Detection Entity                 | Configuration Item
Ad Hoc Network Connection      | Agent                                 | Network Information Collection Plugin
ARP Bomb                       | Network Sensor                        | Virtual IP Configuration for Inducing Risky Traffic
ARP Spoofing                   | Network Sensor                        | Virtual IP Configuration for Inducing Risky Traffic
MAC / IP Clone                 | Network Sensor / Agent (ARP Spoofing) | Network Sensor MAC / IP Clone Detection Function
Malware Detection              | Agent                                 | Malware Detection Plugin
Port Scan                      | Network Sensor                        | Virtual IP Configuration for Inducing Risky Traffic
SNMP Blocking Request          | Policy Server                         | SNMP Trap Reception Function
Detecting Abnormal DHCP Server | Network Sensor                        | Network Sensor DHCP Server Scan Function
Sensor MAC Clone               | Network Sensor                        | Network Sensor MAC / IP Clone Detection Function, Sensor MAC Conflict Avoidance Function
Unknown Service Request        | Network Sensor                        | Virtual IP Configuration for Inducing Risky Traffic
Using Invalid Gateway          | Agent                                 | Network Information Collection Plugin

Configuring Environment

Configuring Virtual IP for Inducing Risky Traffic

Please refer to Configuring Virtual IP for virtual IP settings.

Configuring Network Sensor DHCP Server Scan Function

  1. Select System in the top panel.
  2. In the left system menu, click Sensor Management.
  3. Select the checkbox of the target Network Sensor for configuration.
  4. In the Select Action menu, select the Bulk Sensor Settings item.
  5. In the Sensor Settings menu, under the network scan item, change the DHCP Server Scan value to ON.
  6. Click the Save button.

Configuring Policy Server SNMP Trap Reception Function

  1. Select Settings in the top panel.
  2. In the left Preferences menu, select Audit Log.
  3. In the SNMP Trap Reception item, set usage to ON and enter the Community value.
  4. Click the Modify button.

Configuring Network Sensor MAC / IP Clone Detection Function

  1. Select System in the top panel.
  2. In the left system menu, click Sensor Management.
  3. Select the checkbox of the target Network Sensor for configuration.
  4. In the Select Action menu, select the Bulk Sensor Settings item.
  5. In the Sensor Settings menu, under the node status check item, change the MAC+IP Clone Detection value to ON.
  6. Click the Save button.