Greetings, today I see an entire new subnet of rogues in my ePO. It's a commercial ISP who shouldn't be detected by my network so either someone connected a link they shouldn't have, or someone took a computer home and that RSD is seeing the subnet.
How can I tell what the detection SOURCE was? When running queries I see a couple different SOURCE IDs (one is 666 and one is 484)?
Sadly, they were supposed to link the detected subnet to the sensor in the latest version but never did. Your best hint is to find the sensor(s) proving the coverage. But typically, those subnets are best ignored.
The detections could be dhcp or agent, neither of which will provide any insights.
In the past we have seen network provider equipement showing internal addresses intenally...