07-31-2022 09:19 AM
Hello,
It is unclear if we should disable baseline for DHCP users. Can someone please help me understand what should be configured?
08-04-2022 01:49 AM - edited 08-04-2022 01:50 AM
Okay, it's a bit confusing, but I (hope) I get your point:
When you add a new host group under "Client IP Range (DHCP Range)", the clients might get a dynamic IP assigned. Therefore, it's not good to start baselining on that specific IP if a few weeks later client A has a new IP address and client B gets the one client A had before, or when client A is moving to a separate network, e.g. roaming, and has different IP addresses assigned.
In this Sub-Host-Group the check is disabled and when you create a new group it is inherited, so you don't see the box checked.
A server normally keeps its IP address till you remove it from the network. It (normally) won't take any trip to another data center. So baselining makes sense in this Sub-Host-Group and will be inherited on every new group you add below.
Back to your question: If you e.g. assign IP addresses with the dedicated MAC address and they also won't change when a device is changing networks, then you can enable baselining. Otherwise, it won't make any sense and might only be more confusing on your alerts than helping you find any bad actor.
Did I get your point correct?
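
The effect described in the answer above, as an added example that is not part of the original thread and not the product's own baselining logic: a simplified mean/standard-deviation baseline run over constructed flow and DHCP lease data, keyed once by IP address and once by the device that held the address. The lease log, traffic volumes, threshold and function names are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed DHCP lease log: (lease start day, ip, mac).
LEASES = [
    (0, "10.0.0.50", "aa:aa:aa:aa:aa:aa"),  # client A
    (0, "10.0.0.51", "bb:bb:bb:bb:bb:bb"),  # client B
    (8, "10.0.0.50", "bb:bb:bb:bb:bb:bb"),  # day 8: B gets A's old address
    (8, "10.0.0.52", "aa:aa:aa:aa:aa:aa"),  # day 8: A roams to a new address
]

# Constructed daily outbound MB per IP: A is a light talker, B a heavy one.
FLOWS = (
    [(d, "10.0.0.50", 100 + d % 3) for d in range(8)]
    + [(d, "10.0.0.51", 900 + d % 3) for d in range(8)]
    + [(8, "10.0.0.50", 901), (8, "10.0.0.52", 101)]
)

def mac_for(ip, day):
    """Resolve which device held `ip` on `day` from the lease log."""
    holders = sorted((s, mac) for s, lip, mac in LEASES if lip == ip and s <= day)
    return holders[-1][1] if holders else None

def anomalies(key_fn, train_days=8, threshold=3.0):
    """Learn mean/stddev per key over the training days, then flag later
    observations that deviate by more than `threshold` standard deviations."""
    history = {}
    for day, ip, mb in FLOWS:
        if day < train_days:
            history.setdefault(key_fn(ip, day), []).append(mb)
    flagged = []
    for day, ip, mb in FLOWS:
        past = history.get(key_fn(ip, day))
        if day < train_days or not past:
            continue  # training data, or no baseline for this key yet
        sigma = pstdev(past) or 1.0
        if abs(mb - mean(past)) / sigma > threshold:
            flagged.append((day, ip, key_fn(ip, day)))
    return flagged

if __name__ == "__main__":
    # Keyed by IP: B's normal traffic is judged against A's baseline.
    print("per-IP alerts:    ", anomalies(lambda ip, day: ip))
    # Keyed by device: both clients match their own history, no alert.
    print("per-device alerts:", anomalies(mac_for))
```

Nothing about either client changed on day 8 except its address, yet the per-IP baseline raises an alert and the per-device baseline does not.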
08-03-2022 04:31 AM
Hi @blagov,
I do not really understand your question. Why do you want to disable baselining for DHCP users?
Is this something in the "Host Classifier" app or specific for a use case?
Thanks and cheers
08-03-2022 06:35 AM
08-04-2022 04:13 PM