Real-Time Network Change Monitoring
Know about unauthorized network configuration changes in seconds, not hours. ConnectMyAssets uses syslog-triggered detection to capture, diff, and alert on every configuration change across your entire multi-vendor fleet the moment it happens.
- ✓ Syslog-triggered detection: changes detected in under 30 seconds
- ✓ Automatic unauthorized change flagging with instant diff
- ✓ Multi-channel alerting: email, Slack, webhook, SIEM syslog
- ✓ Change attribution: user, source IP, protocol, timestamp
- ✓ Drift detection dashboard with real-time compliance scoring
- ✓ Change window awareness: no alert noise during planned maintenance
The Change You Did Not See Is the One That Causes the Outage
Scheduled polling runs every hour or every few hours. In that window, someone can log into a router, change an ACL, and leave. Your backup system will not know until the device next syncs. By then, traffic may have been misrouted for 45 minutes, a firewall rule may have been silently removed, or a VPN peer may have been modified without any change ticket. Real-time network change monitoring closes this window. When a config change syslog event is received, the device immediately connects to the CMA appliance and syncs its running configuration. Your team sees the diff in seconds, not the next morning. Security and operations teams both benefit: ops gets faster incident response, security gets near-real-time unauthorized change detection.
From Syslog Event to Alert in Under 30 Seconds
Real-time detection, instant diff, smart alerting. Every change your network makes is accounted for.
Syslog-Triggered Instant Detection
The moment a device emits a configuration change syslog event, ConnectMyAssets signals the device to immediately sync its running configuration to the CMA appliance. The new version is compared to the last known version as soon as it arrives. There is no waiting for a scheduled polling cycle. Detection latency is measured in seconds, not hours. This matters because the window between an unauthorized change and its detection is the window during which your network is running a configuration nobody reviewed or approved.
Unauthorized Change Flagging
Any configuration change that did not originate from a ConnectMyAssets workflow is automatically flagged as unauthorized. The diff is calculated, the device is identified, and an alert is raised immediately. Your security team sees the exact lines that changed, who was logged into the device at the time (if attribution data is available from the syslog), and can compare the change against the approved golden config. Nothing slips through unnoticed.
Multi-Channel Alerting
Alerts reach your team through the channels they actually monitor: email for asynchronous notification, Slack or Teams for real-time channel visibility, webhook for custom integrations, and syslog output for SIEM ingestion. Alert routing is configurable by severity, device group, and team. A critical unauthorized change on a core router can page the on-call engineer immediately, while a low-severity drift on a branch switch creates a ticket in your ITSM for the next business day.
Change Attribution
ConnectMyAssets enriches each detected change with attribution data: which user account made the change, from which source IP address, via which protocol (SSH, console, API), and at what time. When syslog messages carry session or user identity information, this is extracted and linked to the diff. For out-of-band changes that bypass all controls, attribution provides the forensic data your security team needs to understand the scope and origin of a potential incident.
Drift Detection Dashboard
The drift dashboard gives you a real-time view of your entire fleet: which devices are running exactly their approved configuration, which have minor deviations, and which have critical unauthorized changes. Each device shows a compliance score updated continuously as new configurations are captured. You can filter by site, vendor, device role, or severity. The dashboard is the answer to the question your security manager asks every Monday morning: "Is our network still running what we approved?"
Change Window Awareness
Not every change is unauthorized: planned maintenance windows produce expected configuration modifications. ConnectMyAssets is aware of your scheduled change windows. Changes that occur during an approved maintenance window are logged and versioned normally, but they do not trigger unauthorized change alerts. Only changes that happen outside approved windows, or without a corresponding workflow, are flagged and escalated. This eliminates alert fatigue from legitimate maintenance while keeping full visibility on unexpected changes.
How It Works
Device Emits Config Change Syslog
When an engineer, a script, or an attacker modifies the configuration of a managed device, the device emits a syslog message indicating a configuration change event. ConnectMyAssets receives this event in real time via its syslog collector. The event is parsed, the device is identified, and the device is signaled to immediately connect to the CMA appliance and sync its running configuration. No polling interval, no scheduled window: the sync starts the moment the device reports the change.
Instant Backup and Diff
The syslog event triggers the device to sync its running configuration to the CMA appliance. The device connects to CMA, uploads the current running configuration, and the platform stores it as a new version. The diff against the previous version is calculated immediately: every added line in green, every removed line in red. The change is enriched with attribution data extracted from the syslog event and device session logs. The entire process from syslog receipt to diff availability takes under 30 seconds for most devices.
Alert or Acknowledge
ConnectMyAssets checks whether the detected change occurred within an approved maintenance window and whether it matches an expected workflow. If the change is unauthorized, or occurs outside an approved window, an alert is sent immediately through all configured channels with the diff attached. Your team can acknowledge the alert, initiate a rollback, or escalate to a security incident. If the change is expected and authorized, it is logged, versioned, and added to the audit trail without generating noise.
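The three steps above, sketched as an added example (illustrative code, not ConnectMyAssets' own): it parses a Cisco IOS-style `%SYS-5-CONFIG_I` message for attribution, diffs two config versions, and alerts only when the change falls outside a maintenance window. The function names, sample device, user, addresses and window are constructed, and workflow matching is left out.

```python
import difflib
import re
from datetime import datetime, timezone

# Cisco IOS-style config-change message; other vendors need their own patterns.
CONFIG_EVENT = re.compile(
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+) by (?P<user>\S+)"
    r"(?: on (?P<line>\S+))?(?: \((?P<src_ip>[0-9a-fA-F.:]+)\))?"
)

# Constructed sample data (not from a real device).
SAMPLE_MSG = ("<189>Mar  3 02:14:07 edge-rtr-01 %SYS-5-CONFIG_I: "
              "Configured from console by jdoe on vty0 (192.0.2.44)")
PREV = ("ip access-list extended EDGE-IN\n"
        " permit tcp any host 198.51.100.10 eq 443\n deny ip any any log\n")
CURR = ("ip access-list extended EDGE-IN\n"
        " permit tcp any host 198.51.100.10 eq 443\n permit ip any any\n")
WINDOWS = [(datetime(2025, 3, 2, 22, 0, tzinfo=timezone.utc),
            datetime(2025, 3, 3, 1, 0, tzinfo=timezone.utc))]

def parse_event(message):
    """Return attribution fields, or None if this is not a config-change event."""
    m = CONFIG_EVENT.search(message)
    return m.groupdict() if m else None

def config_diff(previous, current):
    """Return only the added ('+') and removed ('-') lines between two versions."""
    lines = list(difflib.unified_diff(
        previous.splitlines(), current.splitlines(), lineterm="", n=0))
    # The first two entries are the file headers; '@@' lines are hunk markers.
    return [l for l in lines[2:] if not l.startswith("@@")]

def evaluate(message, ts, previous, current, windows):
    """Decide 'ignore', 'log' or 'alert' for one received syslog message."""
    event = parse_event(message)
    if event is None:
        return {"action": "ignore"}
    diff = config_diff(previous, current)
    if not diff:  # event fired, but the running config is unchanged
        return {"action": "log", "reason": "no effective change", **event}
    planned = any(start <= ts < end for start, end in windows)
    return {"action": "log" if planned else "alert", "diff": diff, **event}
```

With the sample data, the removed `deny ip any any log` line and the added `permit ip any any` line are exactly what the alert carries, alongside the user, line and source IP pulled from the syslog message.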
Stop Finding Out About Changes Hours Later
ConnectMyAssets detects every configuration change across your fleet within seconds of it happening, flags unauthorized changes immediately, and gives your team the diff, the attribution, and the rollback path, all in one place.
