Medigate Device Classification Details

 

This article summarizes which IT, OT, IoT and IoMT device attributes can be enriched from our connector with Medigate, and the benefits of using that enriched data in policy.

 

Our integration with Medigate by Claroty is intended to allow customers to use the most accurate device classifications in policy decisions. Medigate’s collector sniffs, filters and parses traffic in order to analyze IT, OT, IoT and IoMT device protocols over time. Elisity leverages our own rapid device discovery mechanisms along with the Medigate analysis so that our customers’ devices get the most appropriate policies applied in a timely manner.

 

When a new device is discovered by any Elisity method, Cloud Control Center (CCC) queries Medigate to identify the device using the following parameters:

  • MAC + IP Address if both available 
  • MAC Address 
  • IP Address

Mapping of Medigate data objects to Elisity 

[Screenshot: mapping of Medigate data objects to Elisity]

 

Other Considerations

Latency and timing considerations: 

Because Medigate analysis involves extensive protocol analysis, there are situations where a new device's classification may change, or additional device attributes may be gleaned, over an extended period of time.

Cloud Control Center will query Medigate for new information every 24 hours. Any devices learned by Elisity prior to the Connector being configured will be automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp.

Admin-initiated refresh of device info from Medigate: 

Customers should not normally need to use this function, but device classification info retrieved from Medigate can be refreshed on demand for any specific device. 

 
