This article summarizes which device attributes can be enriched from our connector with Palo Alto IoT Security, and the benefits of using that enriched data in policy.
Our integration with Palo Alto IoT Security is intended to allow customers to use the most accurate device classifications in policy decisions. Palo Alto IoT Security collects and analyzes device traffic in order to identify device details and attributes over time. Elisity leverages our own rapid device discovery mechanisms along with the IoT Security analysis so that our customer’s devices get the most appropriate policies applied in a timely manner.
When a new device is discovered by any of Elisity's methods, Cloud Control Center queries Palo Alto IoT Security using the following parameters until a match is found:
1. DeviceID (MAC Address) first
2. IP Address fallback if MAC Address is not known
A new query is made every 24 hours to check for updated device attributes but can be refreshed on demand by clicking the refresh button next to the IdentityGraph tile for Palo Alto IoT Security.
* Medical = IoMT, IT Devices and Office = IT, OT = OT
** Only if IoT then match to IoT. Otherwise, rely on Profile Vertical for Genre
Risk Score Level
What is the Risk Score Level?
The Risk Score Level is a Core Effective Attribute in IdentityGraph designed to provide clarity regarding the security posture of a device, by classifying it into categories based on its perceived risk. This classification can be:
- Very Low
This score is dynamically sourced from integrations with external platforms such as Medigate and Claroty xDome.
Why is it Significant?
Manual Configuration & Bulk Actions: When adding or editing a device, the Risk Score Level is available as a Manual Configuration item, ensuring that you have full control and visibility. Additionally, when adding multiple devices, it can be included as a Bulk Add/Edit field in the CSV.
Device Overview Enhancement: For a comprehensive understanding, the Risk Score Level is a default column on the Device Overview page. This makes sorting and filtering devices based on risk scores straightforward.
Policy Evaluation & Creation: The Risk Score Level is essential when creating policies, especially when dealing with policy groups (PG). It's now an option under Core Effective Attributes when establishing a PG, ensuring your policy creations are as accurate as they are effective.