Devices
Devices Overview
The NETALERT solution enables network device detection and provides an interface for viewing and exporting device lists in CSV format. To access the Devices interface, navigate to Administration > Devices.
Exporting Device Lists
The device list can be exported as CSV for further analysis and external use. The following export options are available:
- Export internal CSV - Exports only internal network devices.
- Export external CSV - Exports devices classified as external.
- Export active CSV - Includes only active devices.
- Export inactive CSV - Includes devices that are no longer active.
Each detected device includes detailed attributes that can be accessed by clicking the button. Additionally, a Delete button is available for removing the device from the list. The displayed information includes:
These insights help administrators monitor security risks, identify unauthorized access, and analyze network behavior effectively.
- The Details field contains comprehensive information about the device, including its MAC/IP address, IP address, device type (Internal/External), Manufacturer, Manufacturer Description, and the Last Seen timestamp.
In the designated fields section, the following information is available:
- Open Ports
  - Displays a list of open network ports detected on the device.
  - Helps identify potential vulnerabilities where unauthorized access or exploitation might occur.
  - Useful for security audits, allowing administrators to check for unnecessary open ports that should be closed.
  Example: A device with port 22 (SSH) open might indicate a remote access service that needs monitoring.
- Applications - all applications that are accessed from the device.
  - Shows a list of applications accessed or running on the device.
  - Helps detect unauthorized or high-risk applications that might introduce security threats.
  - Useful for traffic analysis, providing visibility into what services or software are commonly used.
  Example: A device accessing peer-to-peer (P2P) file-sharing applications could indicate potential data leaks.
- Users - the username that is used for authentication on HTTP sites.
  - Displays usernames used for authentication on HTTP-based services from the device.
  - Helps track who is accessing specific network resources, improving user accountability.
  - Can reveal compromised credentials if unauthorized usernames appear in logs.
  Example: If a device logs in to an internal web application with a suspicious or unknown username, further investigation might be required.
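An added example (not NETALERT's own code) of the open-port audit described above, run over an exported device CSV. The column names, the `;` port separator and the `ALLOWED_PORTS` policy are assumptions; adjust them to the header row of the actual export.

```python
import csv
import io

# Constructed sample data. Column names are assumed, not NETALERT's documented layout.
SAMPLE_CSV = """mac,ip,type,manufacturer,last_seen,open_ports
00:00:5e:00:53:01,192.0.2.10,Internal,ExampleCorp,2024-01-10 09:15:00,22;443
00:00:5e:00:53:02,192.0.2.23,Internal,ExampleCorp,2024-01-10 09:20:00,80;3389;445
00:00:5e:00:53:03,192.0.2.40,Internal,ExampleCorp,2024-01-09 17:02:00,
00:00:5e:00:53:04,198.51.100.7,External,Unknown,2024-01-10 08:00:00,443;eighty
"""

# Hypothetical site policy: ports expected to be open, per device type.
ALLOWED_PORTS = {"internal": {80, 443}, "external": {443}}


def parse_ports(field):
    """Split a port list on ';', ',' or spaces; return (valid ports, malformed tokens)."""
    ports, bad = set(), []
    for token in field.replace(",", ";").replace(" ", ";").split(";"):
        token = token.strip()
        if not token:
            continue
        if token.isascii() and token.isdigit() and 0 < int(token) <= 65535:
            ports.add(int(token))
        else:
            bad.append(token)  # keep unparseable data visible instead of dropping it
    return ports, bad


def audit_devices(csv_text, allowed=ALLOWED_PORTS):
    """Return one finding per device with ports outside policy or unparseable port data."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ports, bad = parse_ports(row.get("open_ports") or "")
        # Unknown device types get an empty allowlist, so every open port is reported.
        policy = allowed.get((row.get("type") or "").strip().lower(), set())
        unexpected = sorted(ports - policy)
        if unexpected or bad:
            findings.append({"mac": row["mac"], "ip": row["ip"],
                             "unexpected_ports": unexpected, "malformed": bad})
    return findings


if __name__ == "__main__":
    for finding in audit_devices(SAMPLE_CSV):
        print(finding)
```

Devices with no open ports, or only ports inside the policy, produce no finding, so the output is the review list for the audit.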
Search and Filtering
A search field allows filtering displayed devices using free-text input. If no text is entered, all devices will be listed. Additionally, a drop-down menu enables device grouping by:
- ANY – Displays all devices.
- INTERNAL – Filters only internal network devices.
- EXTERNAL – Shows external network devices.