Elisity supports simple API connectivity to Armis as a method to enrich IT, IoT, OT and IoMT device discovery and identity. This enables asset data from Armis to be imported into IdentityGraph for all assets that appear on your Elisity-secured network. This enhances the precision and effectiveness of asset classification.
Prerequisites
- Armis API URL (unique to your instance)
- Armis API Secret Key
Steps to Connect Armis
Step 1. Create an Armis API Secret Key by following the directions below or by reading the Armis API Guide. To access the API guide, log into the Armis console, navigate to Settings and select API Management under the Data Sources category.
a) Log into the Armis console and navigate to Settings > API Management.
b) Under the Secret API Key section, select the Create button.
c) Copy the Secret API Key and then select OK. Please keep it private, as it grants full access to the API.
Step 2. Log into Elisity Cloud Control Center and navigate to Settings > Connectors and select + Add Connector.
Step 3. A list of tiles will slide out from the right side of the screen. Select Configure on the Armis connector.
Step 4. Input the API URL (unique to your instance) and the API Secret Key you generated in the first step and select Submit.
Step 5 (optional). Configure Advanced Settings for the Armis connector.
The following chart provides details about each advanced setting:
| Setting | Description |
|---|---|
| Global Timer | The frequency at which Cloud Control Center queries the connector for updates. From 1 to 168 hours. Default is 24 hours. |
| Initial Delay | The delay in seconds before Cloud Control Center initiates the first query to the connector after initially discovering a new device. Default is 0 seconds. |
| Connector Data Purging | When enabled, Cloud Control Center purges all data learned about a device from this connector if the device is no longer found when querying the connected application. The time period between purge events is configurable from 1 to 90 days. The connector status will change from "Up to Date" to "Stale" if the device is no longer known by the connector but prior to the purge event. |
| IP Only Based Lookup | Enables fallback behavior to query by IP address only when a query by MAC address does not return a result. |
| Query Exclusion Rules | Limit the scope of Cloud Control Center queries by excluding specific Subnets or Virtual Edge Nodes, and by enabling or disabling the querying of devices with Random MAC addresses. |
| Trusted Connector | Controls whether Insights uses data from this connector when generating recommended Policy Groups. When enabled, device attributes from this connector are eligible to inform Insights' Policy Group recommendations. When disabled, Insights ignores this connector as a source for recommendations. Note: This setting only affects Insights recommendations; it does not change device verification status, trust attributes, or how the connector's data is used elsewhere in the platform. |
Step 6. If all of the required connector values are correct, all checks will pass and the connector will be created.
After successful configuration, you should begin to see devices enriched by Armis in IdentityGraph.
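The IP Only Based Lookup and Query Exclusion Rules settings from the advanced settings table interact, and the sketch below models that decision order for one discovered device. It is an added example, not Elisity or Armis code: the function names, the decision labels, the sample inventory and the use of the locally administered MAC bit to identify random MAC addresses are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample of records an asset inventory might hold (not real data).
INVENTORY = [
    {"mac": "00:1b:44:11:3a:b7", "ip": "10.20.0.15", "name": "infusion-pump-07"},
    {"mac": "00:50:56:9c:01:22", "ip": "10.20.0.40", "name": "hmi-panel-02"},
]

def normalize_mac(mac):
    return mac.strip().lower().replace("-", ":")

def is_random_mac(mac):
    """Assumption: 'random' means the locally administered bit (0x02) is set."""
    return bool(int(normalize_mac(mac).split(":")[0], 16) & 0x02)

def plan_lookup(mac, ip, inventory, excluded_subnets=(),
                query_random_macs=False, ip_only_fallback=False):
    """Return (decision, record) for one discovered device (hypothetical model)."""
    addr = ipaddress.ip_address(ip)
    # Exclusion rules are applied first: an excluded device is never queried.
    if any(addr in ipaddress.ip_network(net) for net in excluded_subnets):
        return ("skipped:excluded-subnet", None)
    if is_random_mac(mac) and not query_random_macs:
        return ("skipped:random-mac", None)
    # Primary lookup by MAC address.
    for rec in inventory:
        if normalize_mac(rec["mac"]) == normalize_mac(mac):
            return ("matched:mac", rec)
    # Fallback by IP only; accept it only when exactly one record holds that IP.
    if ip_only_fallback:
        hits = [rec for rec in inventory if rec["ip"] == ip]
        if len(hits) == 1:
            return ("matched:ip-only", hits[0])
    return ("no-match", None)

if __name__ == "__main__":
    # A different NIC now holds 10.20.0.15, for example after a DHCP lease change.
    for fallback in (False, True):
        print(fallback, plan_lookup("00:50:56:aa:bb:cc", "10.20.0.15",
                                    INVENTORY, ip_only_fallback=fallback))
```

With the fallback enabled, the second call attaches the infusion pump's record to a device with a different MAC address, so keeping the match type next to the enrichment data lets you weigh IP-only matches as weaker evidence than MAC matches.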
Connector Status
The Connector status reflects its health and availability based on recent query performance. To ensure accuracy and reduce false positives, the status is determined using a rolling 15-minute evaluation window.
Connector Status Levels:
- Active: Normal operation with minimal query failures.
- Degraded: Increased query failures detected, but the connector is still operational.
- Inactive: The connector is unresponsive due to persistent failures.
Failures are defined as unsuccessful query responses, and the platform continuously monitors performance to update the status accordingly. These status changes are visible in the UI, event logs, and notifications pane for better troubleshooting. Email alerts can also be configured for connector status changes.
If the connector has not been queried within the evaluation window, the last known status is retained. This approach ensures reliable status reporting and helps identify potential issues before they impact operations.
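The model below shows how a rolling 15-minute window and the "last known status is retained" rule behave together. It is an added example rather than Elisity's implementation: the class, the initial status and both failure-ratio thresholds are assumptions, since the page does not state how many failures separate Active, Degraded and Inactive.

```python
from collections import deque

WINDOW_SECONDS = 15 * 60   # rolling evaluation window stated on the page
DEGRADED_RATIO = 0.25      # assumed threshold, not given on the page
INACTIVE_RATIO = 0.90      # assumed threshold, not given on the page

class ConnectorStatus:
    """Hypothetical model of connector health over a rolling window."""

    def __init__(self):
        self.results = deque()    # (timestamp_seconds, query_succeeded)
        self.status = "Active"    # assumed initial status
        self.last_query = None

    def record(self, ts, ok):
        """Store one query result; a failure is an unsuccessful response."""
        self.results.append((ts, ok))
        self.last_query = ts

    def evaluate(self, now):
        # Drop results that have aged out of the window.
        while self.results and self.results[0][0] <= now - WINDOW_SECONDS:
            self.results.popleft()
        if not self.results:
            return self.status    # no queries in the window: retain last status
        failures = sum(1 for _, ok in self.results if not ok)
        ratio = failures / len(self.results)
        if ratio >= INACTIVE_RATIO:
            self.status = "Inactive"
        elif ratio >= DEGRADED_RATIO:
            self.status = "Degraded"
        else:
            self.status = "Active"
        return self.status

    def seconds_since_last_query(self, now):
        return None if self.last_query is None else now - self.last_query

if __name__ == "__main__":
    c = ConnectorStatus()
    for ts in (0, 60, 120):
        c.record(ts, True)        # constructed sample: three good queries
    for ts in (300, 360, 420):
        c.record(ts, False)       # constructed sample: three failures
    for now in (430, 1100, 2000):
        print(now, c.evaluate(now), c.seconds_since_last_query(now))
```

Because the status is retained when no queries fall inside the window, a reported status is only as fresh as the last query, so an alert that also checks the time since the last query catches a connector that has simply gone quiet.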
Leveraging Armis with Elisity
When Elisity discovers a new asset on the network and the Armis connector is active, Cloud Control Center queries the Armis platform via API for additional device attributes in order to enrich IdentityGraph. This enriched data is displayed in the IdentityGraph tab of the Device Details page and can be leveraged in Policy Group definition. Select attributes are mapped to Core Effective Attributes in IdentityGraph and can be seen in the Armis Classification Details article.
If a device discovered by Elisity is also known in Armis, the Trust Attributes flag for Known in Armis will be set to Yes. You can then leverage this trust attribute as match criteria in Policy Group definition.
To learn more about how to leverage IdentityGraph Trust Attributes, review the Leveraging Trust Attributes for Policy Group Definition article.
Sharing Asset Enforcement Status with Armis
Step 1. Ensure that the Share Asset Enforcement Status is selected under Required Configuration on the Edit Connector Configuration page.
Step 2. Ensure that at least one asset in the Cloud Control Center has an Enforcement Status of Enforced. For an asset to display Enforced status, it must be associated with a Policy Group that belongs to an active policy set containing at least one active policy for that Policy Group. Note that simulated policies do not contribute to the Enforced status.
Step 3. Log into Armis and navigate to Settings > Custom Properties.
Step 4. On the Custom Properties page select + Add Property.
Step 5. Fill out Property Name and Data Type exactly as shown below and select Add.
Step 6. Navigate to Assets > Devices (All Assets). Select the column picker, search for Elisity and check the ElisityEnforcement box to add it as a new column.
Step 7. Here, you'll see a checkmark in the Elisity Enforcement column for each device currently enforced by an Elisity policy. You can also view this information within the device Inventory table located in the Custom Properties section.