McAfee EPOCDE-AA-BA Product Guide - Page 268
Subnet status, Top 25 Subnets, Active, Missing, Passive, Contains Rogues, Covered
View all McAfee EPOCDE-AA-BA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 268 highlights
21 268 Detecting Rogue Systems What are rogue systems Active Active sensors report information about their broadcast segment to the McAfee ePO server at regular intervals, over a fixed time. Both the reporting period and the active period are user-configured. A sensor becomes passive when the active period lapses, at which time the next passive sensor to report in is made active. Missing Missing sensors have not communicated with the McAfee ePO server in a user-configured time. These sensors could be on a system that has been turned off or removed from the network. Passive Passive sensors check in with the McAfee ePO server, but do not report information about detected systems. They wait for instructions from the McAfee ePO server to replace other sensors that become passive. Subnet status Subnet status is the measure of how many detected subnets on your network are covered. Coverage is determined by the ratio of covered subnets to uncovered subnets on your network. Subnet states are categorized into these groups: • Contains Rogues • Covered • Uncovered Subnets must be known by the McAfee ePO server or be seen by a sensor to fall into one of these categories. Once a subnet has been detected, you can mark it Ignored to prevent receiving further reporting about its status. Contains Rogues Subnets that contain rogue systems are listed in the Contains Rogues category to make it easier to take action on them. Covered Covered subnets have sensors installed on them that are actively reporting information about detected systems to the McAfee ePO server. The Covered subnets category also includes the systems listed in the Contains Rogues category. For example, the Covered subnets category contains subnets A, B, and C. Subnet B contains rogues, while A and C do not. All three are listed in the Covered category; only subnet B is listed in the Contains Rogues category. Uncovered Uncovered subnets don't have any active sensors on them. Subnets that are uncovered are not reporting information about detected systems to the McAfee ePO server. However, there might be managed systems on this subnet that are being reported on through other means, such as agent-server communication. Top 25 Subnets The Top 25 Subnets list provides the subnet list, by name or IP, for the 25 subnets that contain the most rogue system interfaces on your network. When a top 25 subnet is selected, the rogue system interfaces it contains are displayed in the adjacent Rogue System Interfaces by Subnet table. McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide