Rogue DHCP Server Discovery

A Host Snapshot is generated. In the Identification tab (a), information about the server services (b) that are running on this host can be obtained.
Lesson 8
Workshop Learning Outcomes

Workshop Outcomes for Are there Rogue Hosts in my Network

The purpose of this workshop was to use the capabilities of Stealthwatch to hunt out rogues in the network.

This workshop started with a simple issue of a user experiencing password issues that led to a bigger issue of a rogue DHCP server inside the network. By using the tools inside Stealthwatch, we were able to connect the dots and find the true culprit in the network. By setting the Brute Force Login alarm to alert us, we found out host 192.168.130.28 was conducting data exfiltration and brute force attacks on a host server in the UK.

We then pivoted into the Domain Dashboard to view the rogue host for the day. We found out host 192.168.130.28 was just added to our network that day. After further inquiries with the IT department, we concluded that this host was not permitted but gained an IP address by another means.

By conducting a custom Flow Table filter, we found out that host 10.50.100.71 had gone rogue by giving out IP addresses in our internal network. In the end, you figured out that host 10.50.100.71 went rogue by activating DHCP services, through which host 192.168.130.28 became a rogue device not registered in the network. This host then started a series of attacks against a server in the UK.

In this workshop, you learned how to:
- Enable the security event Brute Force Logon to alarm.
- Use the built-in Domain Dashboard to identify potential rogue devices.
- Create a custom flow table with filters to detect potential rogue DHCP servers.
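The logic behind the custom Flow Table filter for rogue DHCP servers, as an added example (not part of the workshop material and not Stealthwatch query syntax). It assumes flows are available as a CSV export with the constructed column names shown, that 10.50.100.10 is the only sanctioned DHCP server (a constructed address), and that server replies are recognised as UDP source port 67 to destination port 68.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export (not real Stealthwatch output).
# The column names are assumptions made for this example.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,protocol,packets
10.50.100.10,67,10.50.100.23,68,udp,2
10.50.100.71,67,192.168.130.28,68,udp,2
10.50.100.71,67,255.255.255.255,68,udp,4
10.50.100.23,68,255.255.255.255,67,udp,2
10.50.100.23,51544,10.50.100.5,443,tcp,310
10.50.100.71,67,10.50.100.44,68,UDP,2
"""

# Assumption: the site's only sanctioned DHCP server (constructed address).
AUTHORIZED_DHCP_SERVERS = {"10.50.100.10"}

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68


def find_rogue_dhcp_servers(flow_csv, authorized):
    """Map each unsanctioned host sending DHCP server replies to its peers."""
    rogue = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["protocol"].strip().lower() != "udp":
            continue
        try:
            sport, dport = int(row["src_port"]), int(row["dst_port"])
        except ValueError:
            continue  # skip malformed rows instead of aborting the hunt
        # Server-to-client direction only: client requests (68 -> 67) are normal.
        if sport == DHCP_SERVER_PORT and dport == DHCP_CLIENT_PORT:
            if row["src_ip"] not in authorized:
                rogue[row["src_ip"]].add(row["dst_ip"])
    return {ip: sorted(peers) for ip, peers in rogue.items()}


if __name__ == "__main__":
    hits = find_rogue_dhcp_servers(SAMPLE_FLOWS, AUTHORIZED_DHCP_SERVERS)
    for server, clients in hits.items():
        print(f"unauthorized DHCP server {server} answered: {', '.join(clients)}")
```

Hosts that received leases from a flagged server are the next ones to check against the asset inventory, since they may not be registered devices.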
Lesson 9
Wrap Up

Customer Success

The mission of the Customer Success Organization is to provide the framework, capabilities, and associated services to drive customers to achieve successful outcomes with our products and services.
Implementing Stealthwatch System Use Case Solutions

Our customers have online communities where they can:
- Create cases.
- Read and contribute to knowledge articles.
- Review product documentation.
- Watch videos.
- Participate in forums.
- Access Use Case Documents
Questions or Feedback?