Unauthorized Service Request
Genian NAC can detect an unauthorized service requested in a variety of ways. The Network Sensor monitors the network traffic flow to check the access event of ports. If an unwanted service is requested on any virtual IP addresses, Genian NAC suspends the Unknown Service Request and designates the Node as a critical one. In addition, if the service requests are more than the specified value within a period of time, then designated as a critical Node.
Configure Settings for Unauthorized Service Request in Anomaly Definition
- Go to Policy in the top panel.
- Go to Policy > Node Policy > Anomaly Definition in the left Policy panel.
- Click Unauthorized Service Request.
- Find Anomaly Event section to configure more options:
- For Event Duration, optional setting to specify how long the unauthorized services are requested:
- For Number of Allowable Service Requests, optional setting to specify the threshold to trigger the anomaly detection.
- For Attribute to Match, optional setting to find a Node sending the excessive unauthorized service requests.
- Click Update.
Create Node Group For Unauthorized Service Requested
- Go to Policy in the top panel.
- Go to Policy > Group > Node in the left Policy panel.
- Click on Tasks > Create
- For ID: Unauthorized Service Requested.
- For Status: Enabled.
- For Boolean Operator select OR.
- Find and click on Add in Condition section.
- For each Anomaly you want to add use the followings:
- Options: Anomaly.
- Operator: Detected is one of:
- Value: Unauthorized Service Request.
- Click Add.
- Keep adding Conditions as needed.
- Click Save.