Connect Medigate

Elisity supports simple API connectivity to Medigate as a method to enrich IT, IoT, OT and IoMT device discovery and identity. This enables asset data from Medigate to be imported into IdentityGraph for all assets that appear on your Elisity-secured network. This enhances the precision and effectiveness of asset classification.

 

NOTE:

Claroty has integrated Medigate into xDome, combining them into a single product that manages IT, IoT, OT, and IoMT assets within one unified platform. In this article, the terms Medigate and xDome are used interchangeably.

 

Prerequisites

  • Admin access to the Medigate online portal for API key generation
  • The Medigate on-premise collector should be deployed and operational

Connector Instructions

Step 1. Generate the API token on the Medigate online portal by logging in and navigating to Settings > Admin Settings > User Management. Select Add User.

 


Step 2. Create an API user by selecting the API User option, filling out the required fields and selecting Create User.

NOTE:

To share the Enforcement Status of an asset known to both Elisity and Claroty, the API User must meet one of the following conditions:

  1. Be assigned to a full Read/Write Role in Claroty.
  2. Be assigned to a custom Role that includes the following permissions:
    • View Custom Attributes
    • Edit Custom Attribute Values
    • Add Custom Attributes

To create a custom role, please review the Claroty documentation.
If the Enforcement Status does not need to be shared, a Read-Only User Role in Claroty will suffice for IdentityGraph enrichment only.

 

 

Step 3. After creating the user, select Generate Token next to the user name where the portal says Pending Token Generation. Copy the API token to your clipboard; you will need it when creating the connector in Elisity Cloud Control Center.



Step 4. Log into Elisity Cloud Control Center, navigate to Settings > Connectors and select + ADD CONNECTOR.

 

Step 5. Select Configure on the Medigate connector tile in the list that pops up on the right side of the screen. 



Step 6. Enter the API URL (issued by Medigate) and the API Token generated in Step 3 in the appropriate fields, then select Review and Submit. All the other fields are optional.

 

Example API URL: https://api.medigate.io/ (please check your Medigate documentation to find the API URL Medigate provides for your country/region.)

 



Step 7 (optional). Configure advanced settings for the Medigate connector.

The following chart provides details about each advanced setting:

  • Global Timer: The frequency at which Cloud Control Center queries Medigate for updates. From 1 to 168 hours. Default is 24 hours.
  • Initial Delay: The delay in seconds before Cloud Control Center initiates the first query to Medigate after initially discovering a new device. Default is 180 seconds.

 

Step 8. After the connector has been configured it should show Active on the main connector page in Cloud Control Center.



Step 9. You can also use the Medigate integration to verify that a device exists in Medigate's platform before "trusting" it to be classified into the Policy Group. Select Trust Attributes in the criteria dropdown box, and then select Known in Medigate in the items dropdown box.

 

 

After successfully configuring the Medigate connector, you should begin to see assets enriched with data from Medigate in IdentityGraph.


Sharing Asset Enforcement Status with Claroty xDome

Step 1. Ensure that the "Share Asset Enforcement Status" is selected under the connector configuration.

 

Step 2. Ensure that at least one asset in the Cloud Control Center has an Enforcement Status of "Enforced." For an asset to display "Enforced" status, it must be associated with a Policy Group that belongs to an active policy set containing at least one active policy for that Policy Group. Note that simulated policies do not contribute to the "Enforced" status.


Step 3. Log into Claroty xDome and navigate to Devices > All Devices.

Step 4. On the device table select the gear icon.

Step 5. On the column selection window, choose + Custom Attribute.

Step 6. Fill out Attribute Name and Attribute API Name exactly as shown below and select Add.

Step 7. Select the newly created "Elisity Enforced" attribute in the list and then select Add.

Step 8. On the device table page, make sure to create a new custom view so that the "Elisity Enforced" column stays persistent.
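
If the "Elisity Enforced" column stays empty, the usual cause is the rule in Step 2. The following added example (not Elisity or Claroty code) models that rule and reports why an asset does or does not count as Enforced. The class names, the state labels and the sample data are assumptions, and a Policy Group is treated as belonging to a policy set when that set holds a policy for it.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    policy_group: str   # Policy Group the policy applies to
    state: str          # assumed labels: "active", "simulated", "disabled"

@dataclass
class PolicySet:
    name: str
    active: bool
    policies: list

def enforced(asset_group, policy_sets):
    """Return (is_enforced, reason) for an asset's Policy Group (None = unclassified)."""
    if asset_group is None:
        return False, "asset is not associated with a Policy Group"
    # Policies for this group, split by whether their policy set is active.
    in_active = [p for s in policy_sets if s.active
                 for p in s.policies if p.policy_group == asset_group]
    in_inactive = [p for s in policy_sets if not s.active
                   for p in s.policies if p.policy_group == asset_group]
    if any(p.state == "active" for p in in_active):
        return True, "active policy in an active policy set"
    if any(p.state == "simulated" for p in in_active):
        return False, "only simulated policies apply; simulation does not count"
    if in_inactive:
        return False, "policies exist only in an inactive policy set"
    return False, "no active policy references this Policy Group"

# Constructed sample data, not exported from Cloud Control Center.
POLICY_SETS = [
    PolicySet("production", True, [Policy("Infusion Pumps", "active"),
                                   Policy("Workstations", "simulated")]),
    PolicySet("staging", False, [Policy("Cameras", "active")]),
]
ASSETS = {"pump-01": "Infusion Pumps", "pc-17": "Workstations",
          "cam-03": "Cameras", "new-44": None}

def report():
    """Evaluate every sample asset against the sample policy sets."""
    return {name: enforced(group, POLICY_SETS) for name, group in ASSETS.items()}

if __name__ == "__main__":
    for name, (ok, why) in report().items():
        print(f"{name:8} {'Enforced' if ok else 'not enforced':13} {why}")
```
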

 

Creating a Custom Compensating Control with Elisity Enforced Status

NOTE:
Elisity recommends collaborating with your Claroty representative to design a Custom Compensating Control profile that aligns with best practices.


Step 1. Log into Claroty xDome and navigate to Risk > Risk Configurations.

Step 2. Under Device Risk Configurations select the Compensating Controls Subscore option and then select the Custom Controls tab. Select Create New Custom Control.

Step 3. In the Create Custom Control window, provide a Control Name and Description then select + Add Value.

Step 4. Configure a Value Name and Points and then select Select Attribute > All Attributes.

Step 5. In the list of attributes, select Elisity Enforced and then select Apply.

Step 6. Change the device condition to Elisity Enforced - In - Enforced and select Apply.

Step 7. Select the Enable control after applying option and then select Apply.

Step 8. Save the new Custom Compensating Controls configuration and then select Activate.

 

Enriched Data in IdentityGraph

IdentityGraph in Elisity provides detailed insights into the devices connected to your network. The enriched data displayed for each device helps administrators quickly assess and manage the security posture and connectivity of their network assets.

The types of attributes gleaned from Medigate, with example values from the enriched data view for a device, are listed below:

  • Device Genre: Indicates the genre or type of device, classified as IT.
  • Class: The broad category the device falls under, here identified as Computers.
  • Vendor: The manufacturer or vendor of the device, listed as VMWare.
  • Type: The specific type of device, which is a PC.
  • Operating System: The operating system installed on the device, here it's Windows 10/11/Server 20....
  • Risk Score: A calculated score indicating the potential risk associated with the device, with 59 being the score shown.
  • Risk Score Level: The classification of the risk score, marked as HIGH.
  • Purdue Level: The Purdue model level assigned to the device, which is 3.
  • Last Update: The last time the data was updated, noted as 08/28/2024, 12:57 AM.
  • Asset ID: A unique identifier for the asset within the system, denoted as HCUBDOA.
  • Combined OS: Indicates combined or possible operating systems, showing Windows 10/11/Server 20....
  • Device Type Family: Classifies the family of the device type, such as PC.
  • Domain Name: The domain name associated with the device, identified as VE.ELISITY.COM.
  • Financial Cost: The estimated financial cost range of the device, noted as $1,000-$10,000.
  • Matched Source: The method used to match the device, here it's IP + MAC.
  • OS Category: The category of the operating system, such as Windows.
  • OS Version: Details about the operating system version.
  • Site Name: The name of the site where the device is located, listed as main.

This is not an exhaustive list. Other attributes, such as SSID List and BSSID List, are available and usable as Policy Group Match Criteria.

 

This enriched data allows administrators to have a comprehensive view of the device's identity, risk, and operational status, enabling more informed decision-making regarding network security and policy management.
