Dragos Classification Details

This article summarizes which device attributes can be enriched from our connector with Dragos, and the benefits of using that enriched data in policy.

Our integration with Dragos is intended to allow customers to use the most accurate device classifications in policy decisions. Dragos collects and analyzes device traffic in order to identify device details and attributes over time. Elisity leverages our own rapid device discovery mechanisms along with Dragos' analysis so that our customers' devices get the most appropriate policies applied in a timely manner.

When a new device is discovered by any of Elisity's methods, Cloud Control Center queries Dragos using the following parameters until a match is found: 


1. MAC Address Only

A new query is made every 24 hours to check for updated device attributes, but a device can be refreshed on demand by clicking the refresh button next to the Dragos name under the Trust Attributes section of IdentityGraph for that device. Any devices learned by Elisity before the Connector was configured are automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp.

Calculation of Vulnerability Score Max and Vulnerability Severity Max

Elisity queries Dragos every three minutes via API to retrieve the latest vulnerabilities and affected devices, and calculates the following attributes:

Vulnerability Score Max: Highest CVSS score for all associated vulnerabilities

Vulnerability Severity Max: Highest Risk Level for all associated vulnerabilities

Vulnerability Text: Aggregates the CVEs of all associated vulnerabilities

For example, if PLC-2 is associated with different CVEs during a polling cycle:

  • CVE-2022-1161 with a Dragos CVSS score of 9.8 with Risk Level as Critical
  • CVE-2021-22681 with a Dragos CVSS score of 9.8 with Risk Level as High
  • CVE-2022-1797 with a Dragos CVSS score of 8.6 with Risk Level as High

IdentityGraph displays the highest value as follows:

Vulnerability Score Max: 9.8

Vulnerability Severity Max: Critical

Vulnerability Text: CVE-2022-1161, CVE-2021-22681, CVE-2022-1797

IdentityGraph always displays the highest Dragos CVSS score and its corresponding severity for each device, regardless of how many CVEs are associated with it. 
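
The calculation above as a Python sketch, added here for illustration and not Elisity or Dragos code. The record field names, the devices HMI-7 and PLC-9, the placeholder CVE label, and the Low/Medium ranks are assumptions. It computes the score maximum and the severity maximum independently, as in the PLC-2 example, and ranks Risk Level labels ordinally instead of comparing them as strings.

```python
from collections import defaultdict

# Assumed ordinal ranking of Risk Level labels (the article shows only High and Critical).
RISK_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample of one polling cycle. Field names are hypothetical,
# not the Dragos API schema; only the PLC-2 rows come from the article.
SAMPLE_POLL = [
    {"device": "PLC-2", "cve": "CVE-2022-1161", "cvss": 9.8, "risk": "Critical"},
    {"device": "PLC-2", "cve": "CVE-2021-22681", "cvss": 9.8, "risk": "High"},
    {"device": "PLC-2", "cve": "CVE-2022-1797", "cvss": 8.6, "risk": "High"},
    {"device": "HMI-7", "cve": "CVE-2022-1797", "cvss": 8.6, "risk": "High"},
    {"device": "HMI-7", "cve": "CVE-2022-1797", "cvss": 8.6, "risk": "High"},  # duplicate row
    {"device": "PLC-9", "cve": "CVE-PLACEHOLDER", "cvss": None, "risk": "unknown"},  # unscored
]


def aggregate(records):
    """Return {device: {score_max, severity_max, text}} for one polling cycle."""
    by_device = defaultdict(list)
    for rec in records:
        by_device[rec["device"]].append(rec)

    result = {}
    for device, recs in by_device.items():
        # Ignore rows without a numeric score or with an unrecognised label.
        scores = [r["cvss"] for r in recs if isinstance(r["cvss"], (int, float))]
        risks = [r["risk"] for r in recs if r["risk"] in RISK_RANK]
        # De-duplicate CVE ids while keeping first-seen order.
        cves = list(dict.fromkeys(r["cve"] for r in recs))
        result[device] = {
            "score_max": max(scores, default=None),
            # Rank labels ordinally: a plain string max() would pick "High" over "Critical".
            "severity_max": max(risks, key=RISK_RANK.get, default=None),
            "text": ", ".join(cves),
        }
    return result


if __name__ == "__main__":
    for device, attrs in aggregate(SAMPLE_POLL).items():
        print(device, attrs)
```

A policy that matches on Vulnerability Severity Max should treat a missing value (no recognised Risk Level) as its own case, not as the lowest severity.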
