How do I search for rogue Server added to my environment including info about the Hacker(s)
That's what's called Hardware Asset Management (HWAM). You have a list of devices that are allowed/expected on the on the network and a list of devices that ARE on the network then you compare them. Any unexpected devices are considered rogue until they are discovered to be legitimate.
See https://us-cert.cisa.gov/cdm/capabilities/hwam and https://us-cert.cisa.gov/sites/default/files/cdm_files/HWAM_CapabilityDescription.pdf
Information about the "hacker" is harder to come by. With luck, when you find the rogue machine you'll also find the person responsible (the user, most likely).