When devices come onto your map beaconing alerts or warnings, it's time to investigate!
Check the notifications, which are organized by priority—Alert, Warning, or Info—and decide whether any follow-on action is needed. Your organization's security criteria and policies should dictate what the next steps should be.
- If the device is one you don't know about and don't have in your asset management system, for example, Lumeta suggests that you treat it as "suspect "and queue it for evaluation and troubleshooting.
- If the device is not a concern, then you can simply "acknowledge" receipt of the alert/warn/info notification, which stops the beaconing effect and indicates to other system users that you've handled the beaconing device and no further action is necessary.
- If you want to stop the beaconing effect without acknowledging any devices, go to the Preferences menu on the Maps toolbar and clear the Beacons checkboxes.
Acknowledgement Behavior
To acknowledge . . .
- One notification message, click the Acknowledge button for that row
- All notifications of a type, click the Acknowledge All <ALERT/INFO/WARN> Notifications button
What happens when you acknowledge a notification?
- That line item is removed from the Notifications panel and archived.
- Any devices associated with that notification will stop beaconing.
Searching for a Device on the Map
Maps provide the following Search capabilities:
- When you click on a device IP in the notifications panel that references a Layer 2 or Layer 3 device, the map automatically loads attached hosts or Layer 2 devices as needed to display the requested device.
- When you search for a particular device in the Search window, the map finds that device and renders it front and center on the page. If that device doesn't have any direct connections to show on the map, you'll receive that information in a message.