Hi looking for a search to find any unauthorized systems that are sitting on a network and the last login date.
To find unauthorized systems you'll first need a list of the authorized systems, perhaps in a lookup file. Then search to find ALL systems on your network and compare that list to the authorized list. The difference is the unauthorized systems.
Hey Rich,
You know a search string to find a particular hosts last ip "pull" is... I'm wondering if the last time it had a DHCP timestamp assigned is all I will be able to get.
I don't know that.
Hmmm.... could work. Could that lookup file be automatically updated? I was hoping enterprise security would have a report like this built-in.
Yes, it's possible to automatically update the lookup file.