Hey there,
What do you think of my idea? I couldn't find much info about creating a baseline.
I know that there are some logs (known-hosts) which include the IPs from my network that completed a TCP handshake in 24 hours, and also (known-services) with IP + port + service.
What I am trying to create is a script/package that takes these IPs, and every time a new "known-hosts" is detected, that means the new IP address is out of the baseline.
What do you think of this? Any thoughts are appreciated, thanks!
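
The comparison described in the post, as an added example that is not part of the original post: build a baseline from earlier known-hosts logs and report entries in the newest log that the baseline has never seen, with the same function reused for known-services. It assumes tab-separated logs with a `#fields` header line and columns named `host`, `port_num` and `service`; the function names and all sample log content are constructed for illustration.

```python
import ipaddress

def parse_tsv(text):
    """Yield one dict per record of a TSV log that names its columns in a '#fields' line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split("\t")))
            # Normalize the address so equivalent spellings compare equal.
            row["host"] = str(ipaddress.ip_address(row["host"]))
            yield row

def keys(text, columns):
    """Set of tuples built from the chosen columns (assumed column names)."""
    return {tuple(row[c] for c in columns) for row in parse_tsv(text)}

def out_of_baseline(baseline_logs, new_log, columns):
    """Entries in new_log that appear in none of the baseline logs."""
    baseline = set()
    for log in baseline_logs:
        baseline |= keys(log, columns)
    return sorted(keys(new_log, columns) - baseline)

# Constructed sample logs: two baseline days and the current day.
HOSTS_DAY1 = "#fields\tts\thost\n1700000000.0\t10.0.0.5\n1700000100.0\t10.0.0.7\n"
HOSTS_DAY2 = "#fields\tts\thost\n1700086400.0\t10.0.0.5\n1700086500.0\t10.0.0.9\n"
HOSTS_TODAY = "#fields\tts\thost\n1700172800.0\t10.0.0.7\n1700172900.0\t10.0.0.42\n"

SVC_HEADER = "#fields\tts\thost\tport_num\tport_proto\tservice\n"
SVC_BASE = SVC_HEADER + "1700000000.0\t10.0.0.5\t22\ttcp\tSSH\n"
SVC_TODAY = SVC_BASE + "1700172900.0\t10.0.0.5\t3389\ttcp\tRDP\n"

if __name__ == "__main__":
    # A host never seen during the baseline window.
    print(out_of_baseline([HOSTS_DAY1, HOSTS_DAY2], HOSTS_TODAY, ("host",)))
    # A known host exposing a service that was not in the baseline.
    print(out_of_baseline([SVC_BASE], SVC_TODAY, ("host", "port_num", "service")))
```

Keying known-services on host, port and service catches a new service on an already-known host, which a host-only baseline would miss.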