Connect Dragos

Elisity supports simple API connectivity to Dragos as a method to enrich IT, IoT, and OT device discovery and identity. This enables asset data from Dragos to be imported into IdentityGraph for all assets that appear on your Elisity-secured network. This enhances the precision and effectiveness of asset classification.

 

Prerequisites

  • Dragos API URL (unique to your instance)
  • Dragos API Key ID
  • Dragos API Key Secret

 

Steps to Connect Dragos

Step 1. Generate a Dragos API key by following the directions below.

a) Log into the Dragos console and navigate to Admin > Users. Under the user, select + Add New API Key.

 

b) The Generate New API Key box expands. In the Name field, add the name of the API Key being added, for example ElisityApp. Click Generate Key and a message box appears. Copy all the details to a notepad for later. Click OK. 

 

NOTE:
This is the only time the secret is displayed. Once this message box is closed, there is no way
to retrieve the secret. If the secret is lost, then the API Key must be deleted and a new API Key
assigned.

 

Step 2. Log into Elisity Cloud Control Center, navigate to Settings > Connectors, and select the + Add Connector button.

 

Step 3. A list of tiles will slide out from the right side of the screen. Select configure on the Dragos connector. 

 

Step 4. Input the API URL (unique to your instance), the API Key Name, and the API Key Token you generated in the previous step, and select Submit.

 

Step 5. Configure advanced settings for the Dragos connector.

 

The following chart provides details about each advanced setting:

| Setting | Description |
| --- | --- |
| Global Timer | The frequency at which Cloud Control Center queries Dragos for updates. From 1 to 168 hours. Default is 24 hours. |
| Initial Delay | The delay in seconds before Cloud Control Center initiates the first query to Dragos after initially discovering a new device. Default is 0 seconds. |
| Query Exclusion Rules | Limit the scope of Cloud Control Center queries by specifying Subnets and Virtual Edge Nodes, and by enabling or disabling the querying of devices with Random MAC addresses. |
| Connector Data Purging | When the Connector Data Purging feature is enabled, Cloud Control Center will purge all data learned about the device from this connector if the device is no longer found when querying the connected application. The time period between purge events is configurable and can be set between 1 and 90 days. The connector status will change from "Up to Date" to "Stale" if the device is no longer known by the connector but prior to the purge event. |

 

 

Step 6. If all of the required connector values are correct, all checks will pass and the connector will be created. 

 

After successfully configuring the Dragos Networks connector, you should begin to see newly discovered assets enriched with data from Dragos in IdentityGraph. Any devices learned by Elisity prior to the connector being configured will be automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp. Alternatively, you can force a refresh by selecting the refresh button next to the Dragos name under the Trust Attributes section of IdentityGraph.
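The Query Exclusion Rules setting from Step 5 decides which devices are never sent to Dragos for enrichment, so it is worth checking which assets a given rule set leaves out. The following is an added example, not Elisity or Dragos code: it assumes listed subnets and Virtual Edge Nodes are excluded from querying, and the subnet, node names, and device inventory are constructed.

```python
import ipaddress

# Constructed policy mirroring the three Query Exclusion Rule inputs.
EXCLUDED_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]   # constructed subnet
EXCLUDED_EDGE_NODES = {"ve-plant-2"}                         # hypothetical node name
QUERY_RANDOM_MACS = False                                    # random-MAC querying disabled


def is_random_mac(mac: str) -> bool:
    """True when the locally administered bit (0x02 of the first octet) is set,
    which is how privacy-randomized MAC addresses are marked."""
    first_octet = int(mac.replace("-", ":").split(":")[0], 16)
    return bool(first_octet & 0x02)


def exclusion_reason(device: dict):
    """Return why a device would be skipped, or None if it would be queried."""
    ip = ipaddress.ip_address(device["ip"])
    for net in EXCLUDED_SUBNETS:
        if ip in net:
            return f"subnet {net}"
    if device["edge_node"] in EXCLUDED_EDGE_NODES:
        return f"edge node {device['edge_node']}"
    if not QUERY_RANDOM_MACS and is_random_mac(device["mac"]):
        return "random MAC"
    return None


# Constructed inventory sample.
DEVICES = [
    {"name": "plc-01", "ip": "10.20.4.7", "mac": "00:1d:9c:aa:bb:01", "edge_node": "ve-plant-1"},
    {"name": "hmi-03", "ip": "10.30.1.9", "mac": "00:80:f4:10:20:30", "edge_node": "ve-plant-2"},
    {"name": "tablet", "ip": "10.30.1.50", "mac": "da:a1:19:00:11:22", "edge_node": "ve-plant-1"},
    {"name": "rtu-07", "ip": "10.30.2.12", "mac": "00:0e:8c:01:02:03", "edge_node": "ve-plant-1"},
]


def coverage_report(devices):
    """Map each device name to its exclusion reason (None means queried)."""
    return {d["name"]: exclusion_reason(d) for d in devices}


if __name__ == "__main__":
    for name, reason in coverage_report(DEVICES).items():
        print(f"{name:8} {'queried' if reason is None else 'skipped: ' + reason}")
```

Devices reported as skipped will not carry Dragos attributes, so Policy Groups that match on those attributes will not apply to them.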

Connector Status

The Connector status reflects its health and availability based on recent query performance. To ensure accuracy and reduce false positives, the status is determined using a rolling 15-minute evaluation window.

Connector Status Levels:

  • Active: Normal operation with minimal query failures.
  • Degraded: Increased query failures detected, but the connector is still operational.
  • Inactive: The connector is unresponsive due to persistent failures.

Failures are defined as unsuccessful query responses, and the platform continuously monitors performance to update the status accordingly. These status changes are visible in the UI, event logs, and notifications pane for better troubleshooting. Email alerts can also be configured for connector status changes.

If the connector has not been queried within the evaluation window, the last known status is retained. This approach ensures reliable status reporting and helps identify potential issues before they impact operations.
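A sketch of how a rolling-window status like the one described above can be computed, including the rule that the last known status is retained when no queries fall inside the window. This is an added example, not Elisity's implementation: the failure-ratio thresholds are assumptions (the page does not state them) and the query timeline is constructed.

```python
from collections import deque

WINDOW_SECONDS = 15 * 60     # rolling evaluation window stated on the page
DEGRADED_RATIO = 0.25        # assumed threshold, not a documented value
INACTIVE_RATIO = 0.90        # assumed threshold, not a documented value


class ConnectorStatus:
    def __init__(self):
        self.results = deque()      # (timestamp, succeeded) per query
        self.status = "Active"

    def record(self, ts, succeeded):
        self.results.append((ts, succeeded))

    def evaluate(self, now):
        # Drop results that have aged out of the window.
        while self.results and self.results[0][0] <= now - WINDOW_SECONDS:
            self.results.popleft()
        if not self.results:
            return self.status      # no queries in window: keep last known status
        failures = sum(1 for _, ok in self.results if not ok)
        ratio = failures / len(self.results)
        if ratio >= INACTIVE_RATIO:
            self.status = "Inactive"
        elif ratio >= DEGRADED_RATIO:
            self.status = "Degraded"
        else:
            self.status = "Active"
        return self.status


def replay(events, checkpoints):
    """events: (ts, succeeded) sorted by ts; returns the status at each checkpoint."""
    conn, out, pending = ConnectorStatus(), [], list(events)
    for now in checkpoints:
        while pending and pending[0][0] <= now:
            conn.record(*pending.pop(0))
        out.append(conn.evaluate(now))
    return out


# Constructed timeline (seconds): healthy, partial failures, outage, then silence.
EVENTS = [(0, True), (60, True), (120, True), (180, True),
          (300, False), (360, False),
          (1300, False), (1360, False), (1420, False)]
CHECKPOINTS = [200, 400, 1500, 3000]

if __name__ == "__main__":
    print(replay(EVENTS, CHECKPOINTS))
```

The final checkpoint has no queries inside its window, so the status stays at its last evaluated value rather than resetting, which is why a quiet connector can keep reporting an old state.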

 

Leveraging Dragos with Elisity

When Elisity discovers a new asset on the network and the Dragos connector is active, Cloud Control Center queries the Dragos platform via API for additional device attributes in order to enrich IdentityGraph. This enriched data is displayed in the IdentityGraph tab of the device and can be leveraged in Policy Group definition. 

 

 

 

 

If a device discovered by Elisity is also known in Dragos, the Trust Attribute flag for "Known in Dragos" will be set to Yes. You can then leverage this trust attribute as match criteria in Policy Group definition. 

To learn more about how to leverage IdentityGraph Trust Attributes, review the Leveraging Trust Attributes for Policy Group Definition article.

 

 

 
