Claroty xDome Device Classification Details

This article summarizes which device attributes can be enriched from our connector with xDome, and the benefits of using that enriched data in policy.

Our integration with Claroty xDome is intended to allow customers to use the most accurate device classifications in policy decisions. Claroty's collector sniffs, filters and parses traffic in order to analyze device protocols over time. Elisity leverages our own rapid device discovery mechanisms along with the Claroty xDome analysis so that our customers’ devices get the most appropriate policies applied in a timely manner.

When a new device is discovered by any of Elisity's methods, Cloud Control Center queries xDome using the following parameters until a match is found: 

1. MAC + IP Address if both available 

2. MAC

3. IP Alone

 

A new query is made every 24 hours to check for updated device attributes, but the data can also be refreshed on demand by clicking the refresh button next to the IdentityGraph tile for Claroty xDome. Any devices learned by Elisity before the Connector was configured are automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp.
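The lookup order described above can be modelled as follows. This is an added example, not Elisity or Claroty code: the inventory records, field names and the `enrich` and `normalize_mac` helpers are constructed for illustration, no real xDome API is called, and it assumes each step is tried in turn when the previous one finds no match.

```python
import re

# Constructed sample records standing in for the xDome device inventory.
XDOME_INVENTORY = [
    {"mac": "00:1b:44:11:3a:b7", "ip": "10.20.1.15",
     "device_type": "Infusion Pump", "risk_level": "High"},
    {"mac": "00:1b:44:11:3a:c9", "ip": "10.20.1.40",
     "device_type": "PLC", "risk_level": "Medium"},
    {"mac": None, "ip": "10.20.2.8",
     "device_type": "IP Camera", "risk_level": "Low"},
]

def normalize_mac(mac):
    """Reduce common MAC notations to lowercase colon-separated form."""
    if not mac:
        return None
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        return None  # malformed value: treat the MAC as unavailable
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def lookup_attempts(mac, ip):
    """Yield (label, predicate) pairs in the documented order."""
    mac = normalize_mac(mac)
    if mac and ip:
        yield "mac+ip", lambda r: normalize_mac(r["mac"]) == mac and r["ip"] == ip
    if mac:
        yield "mac", lambda r: normalize_mac(r["mac"]) == mac
    if ip:
        yield "ip", lambda r: r["ip"] == ip

def enrich(mac=None, ip=None, inventory=XDOME_INVENTORY):
    """Return (matched_on, record) for the first attempt that hits."""
    for label, predicate in lookup_attempts(mac, ip):
        for record in inventory:
            if predicate(record):
                return label, record
    return None, None  # no match: device stays unenriched until the next cycle
```
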

 

Risk Score Level

What is the Risk Score Level?

The Risk Score Level is a Core Effective Attribute in IdentityGraph designed to provide clarity regarding the security posture of a device, by classifying it into categories based on its perceived risk. This classification can be:

  • High
  • Medium
  • Low
  • Very Low

This score is dynamically sourced from integrations with external platforms such as Medigate and Claroty xDome. 

Why is it Significant?

  1. Manual Configuration & Bulk Actions: When adding or editing a device, the Risk Score Level is available as a Manual Configuration item, ensuring that you have full control and visibility. Additionally, when adding multiple devices, it can be included as a Bulk Add/Edit field in the CSV.

  2. Device Overview Enhancement: For a comprehensive understanding, the Risk Score Level is a default column on the Device Overview page. This makes sorting and filtering devices based on risk scores straightforward.

  3. Policy Evaluation & Creation: The Risk Score Level is essential when creating policies, especially when dealing with policy groups (PG). It's now an option under Core Effective Attributes when establishing a PG, ensuring your policy creations are as accurate as they are effective.

Risk Score

What is the Risk Score?

The Risk Score is a numerical value assigned to a device and calculated by Claroty xDome. The Risk Score can be used as match criteria when defining a Policy Group. Refer to the Claroty xDome documentation for the range of the Risk Score and the meaning of the different score ranges.
