-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Notify admins when unexpected devices pop up on network #7721
Notify admins when unexpected devices pop up on network #7721
Conversation
web admin part typo
@satkunas, I need your help to make "Device is not" field perform a search exactly like "Device" field is doing (using |
expose last_ip to sec event engine
f7fac5c
to
e4d2739
Compare
I just need help to finalize frontend but nothing more to do on my side. |
@jrouzierinverse I had a discussion with @satkunas and in fact, the code needs to be adjusted on backend. # pfperl-api get -M OPTIONS /api/v1/config/security_events
[..]
"device": { │
"allow_custom": false, │
"allowed_lookup": { │
"field_name": "name", │
"search_path": "/api/v1/fingerbank/all/devices/search", │
"value_name": "id" │
},
[..]
"device_is_not": { │
"default": null, │
"implied": null, │
"placeholder": null, │
"required": false, │
"type": "string" │
}, I would like to have similar results for |
e4d2739
to
723efb8
Compare
@jrouzierinverse, I made changes you requested in |
Description
Be informed (through security event) when a device pops up into a VLAN or a subnet that shouldn’t be there.
In order to trigger a security event, PacketFence must receive: DHCP traffic or RADIUS accounting. We don't trigger on RADIUS authentication requests.
If we receive several DHCP or RADIUS requests for the same device but IP isn't updated, security event will not be triggered again due to:
Issue
fixes #7529
Delete branch after merge
YES
Checklist
(REQUIRED) - [yes, no or n/a]
NEWS file entries
Enhancements