UDT Rogue Device detection needs some improvement. I had created a ticket and worked with support, but I am not satisfied with the answers, especially since the SW site advertises the product to do this: "Receive an alert when a device that’s not on the whitelist connects to the network" and "Define rules to determine if a network device should be ignored."
In my environment, I felt that the best way to monitor was to create a white list for all of my approved MAC addresses. This was working correctly, but I was being alerted throughout the day for devices that were connecting to our non-secured guest WiFi. Those devices are not on the MAC white list; therefore, they were alerts. I tried to use the exclude rule, and also tried to white list that IP range, but it does not work.
If I understand correctly, the MAC white list and the IP white list are not queried one after another; therefore, as long as it FAILS on 1 white list, you are alerted. I need it to NOT alert if it passes ANY enabled white list.
If you suffer from the poor design of UDT and Rogue Device Detection and filtering, please raise awareness to get this potentially great tool some exposure and try to get the dev team to make it awesome!
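The two evaluation orders contrasted in the post, as an added example that is not part of the original post and is not SolarWinds UDT code or its API. The MAC addresses, the guest WiFi range `10.50.0.0/24` and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data; none of these values come from UDT or the post.
MAC_WHITELIST = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}
IP_WHITELIST = [ipaddress.ip_network("10.50.0.0/24")]  # assumed guest WiFi range

SIGHTINGS = [
    ("00-11-22-33-44-55", "10.10.1.20"),   # approved MAC on the corporate LAN
    ("de:ad:be:ef:00:01", "10.50.0.77"),   # unknown MAC on guest WiFi
    ("de:ad:be:ef:00:02", "10.10.1.99"),   # unknown MAC on the corporate LAN
]

def normalize_mac(mac):
    """Lower-case and re-join with ':' so 00-11-22... matches 00:11:22..."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def passes_mac(mac):
    return normalize_mac(mac) in MAC_WHITELIST

def passes_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in IP_WHITELIST)

def rogue_if_fails_any(sightings):
    """Alert when a device fails at least one enabled white list."""
    return [s for s in sightings if not (passes_mac(s[0]) and passes_ip(s[1]))]

def rogue_if_fails_all(sightings):
    """Alert only when a device passes none of the enabled white lists."""
    return [s for s in sightings if not (passes_mac(s[0]) or passes_ip(s[1]))]

if __name__ == "__main__":
    print("fails-any :", rogue_if_fails_any(SIGHTINGS))
    print("fails-all :", rogue_if_fails_all(SIGHTINGS))
```

Under the pass-any rule, white-listing an IP range suppresses alerts for every device that obtains an address in that range, so the range should cover only a segment that is already isolated from protected networks.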