Palo Alto IoT Security Device Classification Details

This article summarizes which device attributes can be enriched from our connector with Palo Alto IoT Security, and the benefits of using that enriched data in policy.

Our integration with Palo Alto IoT Security is intended to let customers use the most accurate device classifications in policy decisions. Palo Alto IoT Security collects and analyzes device traffic to identify device details and attributes over time. Elisity combines its own rapid device discovery mechanisms with the IoT Security analysis so that our customers' devices get the most appropriate policies applied in a timely manner.

 

When a new device is discovered by any of Elisity's methods, Cloud Control Center queries Palo Alto IoT Security using the following parameters until a match is found: 

1. DeviceID (MAC Address) first

2. IP Address fallback if MAC Address is not known

 

A new query is made every 24 hours to check for updated device attributes. The data can also be refreshed on demand by clicking the refresh button next to the IdentityGraph tile for Palo Alto IoT Security. Any devices learned by Elisity before the connector was configured are automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp.
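The sketch below is an added illustration of the lookup order and 24-hour refresh described above; it is not Elisity or Palo Alto code and calls no real API. The function names, the in-memory tables, the oldest-attachment-first ordering, and the choice not to fall back to IP when a known MAC has no match are all assumptions.

```python
from datetime import datetime, timedelta

REFRESH_INTERVAL = timedelta(hours=24)  # cadence stated in the article

def normalize_mac(mac):
    """Return lowercase colon-separated MAC, or None if missing/invalid."""
    if not mac:
        return None
    digits = mac.lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def lookup(device, by_mac, by_ip):
    """Return (record, key_used). MAC first; IP only when no MAC is known."""
    mac = normalize_mac(device.get("mac"))
    if mac is not None:
        # Assumption: a known MAC that has no match does not fall through to IP.
        return by_mac.get(mac), "mac"
    ip = device.get("ip")
    if ip:
        return by_ip.get(ip), "ip"
    return None, None

def due_for_refresh(devices, now):
    """Devices never queried or last queried >= 24 h ago, oldest attachment first."""
    due = [d for d in devices
           if d["last_query"] is None or now - d["last_query"] >= REFRESH_INTERVAL]
    return sorted(due, key=lambda d: d["attached"])  # ordering is an assumption

# Constructed sample data (not real inventory or connector output).
BY_MAC = {"00:1b:44:11:3a:b7": {"profile": "Infusion Pump", "risk_score": 72}}
BY_IP = {"192.0.2.15": {"profile": "IP Camera", "risk_score": 40}}
NOW = datetime(2024, 1, 2, 12, 0)
DEVICES = [
    {"name": "pump", "mac": "001B.4411.3AB7", "ip": "192.0.2.9",
     "attached": datetime(2024, 1, 1, 8, 0), "last_query": None},
    {"name": "camera", "mac": None, "ip": "192.0.2.15",
     "attached": datetime(2023, 12, 30, 9, 0), "last_query": datetime(2024, 1, 1, 11, 0)},
    {"name": "printer", "mac": "00-1B-44-11-3A-C0", "ip": "192.0.2.15",
     "attached": datetime(2024, 1, 2, 5, 0), "last_query": datetime(2024, 1, 2, 6, 0)},
]

if __name__ == "__main__":
    for d in DEVICES:
        record, key = lookup(d, BY_MAC, BY_IP)
        print(d["name"], key, record)
    print([d["name"] for d in due_for_refresh(DEVICES, NOW)])
```

Keeping the key that produced the match makes it possible to see which enrichments rest on an IP address alone before using them as policy match criteria.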

* Medical = IoMT, IT Devices and Office = IT, OT = OT

** Only if IoT then match to IoT. Otherwise, rely on Profile Vertical for Genre

 

 

Risk Score Level

What is the Risk Score Level?

The Risk Score Level is a Core Effective Attribute in IdentityGraph designed to provide clarity regarding the security posture of a device, by classifying it into categories based on its perceived risk. This classification can be:

  • High
  • Medium
  • Low
  • Very Low

This score is dynamically sourced from integrations with external platforms such as Medigate and Claroty xDome. 

Why is it Significant?

  1. Manual Configuration & Bulk Actions: When adding or editing a device, the Risk Score Level is available as a Manual Configuration item, ensuring that you have full control and visibility. Additionally, when adding multiple devices, it can be included as a Bulk Add/Edit field in the CSV.

  2. Device Overview Enhancement: For a comprehensive understanding, the Risk Score Level is a default column on the Device Overview page. This makes sorting and filtering devices based on risk scores straightforward.

  3. Policy Evaluation & Creation: The Risk Score Level is essential when creating policies, especially when dealing with policy groups (PG). It's now an option under Core Effective Attributes when establishing a PG, ensuring your policy creations are as accurate as they are effective.

Risk Score

What is the Risk Score?

The Risk Score is a numerical value assigned to a device and calculated by Palo Alto IoT Security. The Risk Score can be used as match criteria when defining a Policy Group. Refer to the official Palo Alto documentation for the range of the score and the meaning of each risk score range.
