by ozim 2555 days ago
Recommendations suck, they just write a couple of times that administrators should update the "Information Technology Security Database" and that they failed to do that. That should be automated. They have all those "CISO", "SAISO", "OCIO" and "CIO" but there is no one who knows how to set up an automated nmap scan for a network range? Then trigger someone and add it to some inventory, like "hey, there is some new Raspberry Pi in the network, should you maybe check it?"

It's not like you can easily detect a rogue RPi with just nmap. It's trivial not to respond to anything sent to you. You have to start looking at ARP, but that's not iron-clad either.
arpwatch worked pretty flawlessly when I needed something like that

https://en.wikipedia.org/wiki/Arpwatch

But that is not the point; the point is they make admins do stuff manually. Getting kids to brush their teeth every morning and evening is hard; getting a bunch of IT admins to do something that seems pointless every day is close to impossible. Setting up something that scans the network every day is trivial by comparison.
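
Added example, not part of any comment above: a sketch of the automation the thread discusses, merging an nmap ping sweep (XML output) with the kernel ARP/neighbour table and reporting MAC addresses missing from an inventory. The sample scan output, neighbour table and inventory are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sn -oX - 192.168.1.0/24` output (trimmed).
NMAP_XML = """<nmaprun>
<host><status state="up"/><address addr="192.168.1.1" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleRouter"/></host>
<host><status state="up"/><address addr="192.168.1.20" addrtype="ipv4"/>
<address addr="66:77:88:99:AA:BB" addrtype="mac"/></host>
<host><status state="down"/><address addr="192.168.1.30" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed sample of `ip neigh show` output; .77 never answered the sweep.
IP_NEIGH = """192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.77 dev eth0 lladdr b8:27:eb:00:00:01 STALE
192.168.1.99 dev eth0  FAILED"""

# Constructed inventory: MAC -> owner.
INVENTORY = {"00:11:22:33:44:55": "core router", "66:77:88:99:aa:bb": "print server"}

def hosts_from_nmap(xml_text):
    """Return {mac: ip} for hosts nmap reported as up with a MAC address."""
    seen = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        if "mac" in addrs:
            seen[addrs["mac"].lower()] = addrs.get("ipv4")
    return seen

def hosts_from_neigh(text):
    """Return {mac: ip} from the neighbour table; entries without lladdr are skipped."""
    pat = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17}) ")
    return {m.group(2).lower(): m.group(1)
            for m in map(pat.match, text.splitlines()) if m}

def unknown_devices(inventory, *sources):
    """Merge all observations and return those whose MAC is not inventoried."""
    merged = {}
    for src in sources:
        merged.update(src)
    known = {mac.lower() for mac in inventory}
    return {mac: ip for mac, ip in merged.items() if mac not in known}

if __name__ == "__main__":
    found = unknown_devices(INVENTORY, hosts_from_nmap(NMAP_XML), hosts_from_neigh(IP_NEIGH))
    print("not in inventory:", found)
```

In the constructed data the device at 192.168.1.77 is absent from the sweep and only shows up through the neighbour table, which is why both sources are merged. Matching on MAC address inherits the limit raised in the thread: ARP data is not iron-clad.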