Hi,
I'm new to CPPM and would like some assistance with Device Auditing through NMAP.
I would like to use auditing configuration in conjunction with MAB in order to further increase the veracity of device 'fingerprinting'.
I'm intending to use the built-in NMAP server to profile Cisco VoIP devices, along with various manufacturer printers.
I'm concerned that DHCP fingerprints could be faked, and MAC (OUI) spoofed, so I'm hoping NMAP can do its own device fingerprinting, and I can also do another level on top, like matching specific known open ports to be almost 100% sure the device that is connecting is what it says it is.
Could anyone point me in the direction of any information resources that would assist?
For my testing I have created an NMAP audit server (local to CPPM) and selected 'Detect Host Operating System', 'Service Scan', 'UDP Scan', and 'TCP Syn Scan'; however, when I enable the Audit in my wired 802.1x service, my access tracker has the following alert:
Alerts for this Request
Policy server | Missing required inputs to perform audit |
And prior to this under Output > Posture Response I saw:
Avenda:Audit:Audit-Status | AUDIT_INPROGRESS |
So it seems as if it can't successfully run on the target host.
Any ideas how I could troubleshoot?
Thanks,
Ward