Elisity supports API connectivity to a custom database as a method to enrich IT, IoT, OT and IoMT device discovery and identity. This enables asset data from the custom database to be imported into IdentityGraph for all assets that appear on your Elisity-secured network. This enhances the precision and effectiveness of asset classification.
Prerequisites
The custom database must adhere to the Elisity Open Connector API Specification. After your custom database has been instantiated and configured to meet the Elisity Open Connector API Specification, you can connect Cloud Control Center to it.
Connector Instructions
Step 1. Log into Elisity Cloud Control Center and navigate to Settings > Connectors and select + ADD CONNECTOR
Step 2. Select Configure on the Open Connector tile in the list that pops up on the right side of the screen.
Step 3. Enter the URL of the custom database and configure the authentication method. The following methods are supported:
- Basic: Username and Password
- API Key Credentials: API Key and Token
- oAuth Credentials: Client ID, Client Secret and OAuth URL
Step 4. Configure your desired attribute mappings. Both Core Effective Attributes and a plethora of other attributes can be mapped to user defined API Key Values received in the payload during the query operation. To learn more, read the Elisity Open Connector API Specification article.
To edit the API Key Values, first add the attribute by selecting Add New Attribute, choosing one or many attributes and selecting OK. Then select the edit icon to the right of the newly added attribute. Proceed to edit the API Key Value and then select the save icon.
Step 5. Configure Open Connector Advanced Settings by clicking the Advanced Settings tab. This includes the Match Order, MAC Address Format, and Timers.
Match Order instructs Cloud Control Center how to match an Elisity known asset to an asset received in the payload during the query. By default, Cloud Control Center will leverage all four match methods in the list starting from top to bottom. This order can be manipulated by selecting the 6 dots to the left of the match method and dragging it to the desired position in the list. You can also remove a match method by clicking the trash icon next to it.
You must ensure that the Key Value tied to the match method used to query and received in the payload is the same as what is defined in Cloud Control Center. You can edit this by selecting the edit icon next to the match method.
The MAC letter case and format must match what is being received in the payload. Cloud Control Center allows you to select the letter case of upper or lower, as well as the MAC format.
Finally, you can configure Open Connector timers as shown below.
The following chart provides details about each timer setting
| Global Timer | The frequency at which Cloud Control Center queries the connected database for updates. From 1 to 168 hours. Default is 24 hours. |
| Initial Delay | The delay in seconds before Cloud Control Center initiates the first query to the connected database after initially discovering a new device. Default is 0 seconds |
| Query Exclusion Rules | Limit the scope of Cloud Control Center queries by specifying Subnets and Virtual Edge Nodes, and by enabling or disabling the querying of devices with Random MAC addresses. |
| Connector Data Purging | When the Connector Data Purging feature is enabled, Cloud Control Center will purge all data learned about the device from this connector if the device is no longer found when querying the connected application. The time period between purge events is configurable and can be set between 1 and 90 days. The connector status will change from "Up to Date" to "Stale" if the device is no longer known by the connector but prior to the purge event. |
Step 6. Once the required and advanced settings are configured, select Add to create the Open Connector.
After successfully configuring the Open Connector, you should begin to see newly discovered assets enriched with data from the connected database in IdentityGraph. Any devices learned by Elisity prior to the connector being configured will be automatically scheduled for enrichment during the next 24 hour cycle and based on their attachment timestamp. Alternatively, you can force a refresh by selecting the refresh button next to the Open Connector name under the Trust Attributes section of IdentityGraph.
You can leverage any learned attribute as match criteria in a PG or as a Trust Attribute.
Connector Status
The Connector status reflects its health and availability based on recent query performance. To ensure accuracy and reduce false positives, the status is determined using a rolling 15-minute evaluation window.
Connector Status Levels:
- Active: Normal operation with minimal query failures.
- Degraded: Increased query failures detected, but the connector is still operational.
- Inactive: The connector is unresponsive due to persistent failures.
Failures are defined as unsuccessful query responses, and the platform continuously monitors performance to update the status accordingly. These status changes are visible in the UI, event logs, and notifications pane for better troubleshooting. Email alerts can also be configured for connector status changes.
If the connector has not been queried within the evaluation window, the last known status is retained. This approach ensures reliable status reporting and helps identify potential issues before they impact operations.