Elisity supports API connectivity to a custom database as a method to enrich IT, IoT, OT and IoMT device discovery and identity. This enables asset data from the custom database to be imported into IdentityGraph for all assets that appear on your Elisity-secured network. This enhances the precision and effectiveness of asset classification.
Prerequisites
The custom database must adhere to the Elisity Open Connector API Specification. After your custom database has been instantiated and configured to meet the Elisity Open Connector API Specification, you can connect Cloud Control Center to it.
Connector Instructions
Step 1. Log into Elisity Cloud Control Center and navigate to Settings > Connectors and select + ADD CONNECTOR
Step 2. Select Configure on the Open Connector tile in the list that pops up on the right side of the screen.
Step 3. Enter the URL of the custom database and configure the authentication method. The following methods are supported:
- Basic: Username and Password
- API Key Credentials: API Key and Token
- oAuth Credentials: Client ID, Client Secret and OAuth URL
Step 4. Configure your desired attribute mappings. Both Core Effective Attributes and a plethora of other attributes can be mapped to user defined API Key Values received in the payload during the query operation. To learn more, read the Elisity Open Connector API Specification article.
To edit the API Key Values, first add the attribute by selecting Add New Attribute, choosing one or many attributes and selecting OK. Then select the edit icon to the right of the newly added attribute. Proceed to edit the API Key Value and then select the save icon.
Step 5. Configure Open Connector Advanced Settings by clicking the Advanced Settings tab. This includes the Match Order, MAC Address Format, and Timers.
Match Order instructs Cloud Control Center how to match an Elisity known asset to an asset received in the payload during the query. By default, Cloud Control Center will leverage all four match methods in the list starting from top to bottom. This order can be manipulated by selecting the 6 dots to the left of the match method and dragging it to the desired position in the list. You can also remove a match method by clicking the trash icon next to it.
You must ensure that the Key Value tied to the match method received in the payload is the same as what is defined in Cloud Control Center. You can edit this by selecting the edit icon next to the match method.
The MAC letter case and format must match what is being received in the payload. Cloud Control Center allows you to select the letter case of upper or lower, as well as the MAC format.
Finally, you can configure Open Connector timers as shown below.
The following chart provides details about each timer setting
Global Timer | The frequency at which Cloud Control Center queries the connected database for updates. From 1 to 168 hours. Default is 24 hours. |
Re-query Attempts |
The number of times Cloud Control Center attempts to query the connected database after an empty payload return or query failure. From 1 to 10 attempts. Default is 4. Setting a value of 0 disables this feature. If all attempts return an empty payload or fail, the connected database data for the asset is removed. |
Re-query Backoff Timer | In case of empty payload return or query failure, this sets how long Cloud Control Center waits before querying again for the first time. Cloud Control Center will leverage the Re-query Backoff Multiplier to calculate how long to wait for subsequent attempts. In minutes. Default is 3 minutes. |
Re-query Backoff Multiplier |
The multiplier used by Cloud Control Center to calculate how long to wait to query the connected database after the initial re-query attempt. Default is 3 Example. If the Re-query Backoff Timer is set to 3 and the Re-query Backoff Multiplier is set to 2 then: Re-query 1: 3 minutes after initial failed query Re-query 2: 6 minutes after first failed re-query Re-query 3: 12 minutes after second re-query Re-query 4: 24 minutes after third re-query and so on until Re-query attempts value is reached. |
Initial Delay | The delay in seconds before Cloud Control Center initiates the first query to the connected database after initially discovering a new device. Default is 0 seconds |
Step 6. Once the required and advanced settings are configured, select Add to create the Open Connector.
After successfully configuring the Open Connector, you should begin to see newly discovered assets enriched with data from the connected database in IdentityGraph. Any devices learned by Elisity prior to the connector being configured will be automatically scheduled for enrichment during the next 24 hour cycle and based on their attachment timestamp. Alternatively, you can force a refresh by selecting the refresh button next to the Open Connector name under the Trust Attributes section of IdentityGraph.
You can leverage any learned attribute as match criteria in a PG or as a Trust Attribute.