ORDR Classification Details
Overview
ORDR is an asset identity platform that discovers and classifies IT, IoT, and IoMT devices on your network. The ORDR integration enriches device identity data in Elisity's IdentityGraph through continuous monitoring and classification of network-connected devices.
When a device is discovered by Elisity, the ORDR integration automatically queries the ORDR platform to retrieve detailed identity attributes about that device. This enriched data appears in the IdentityGraph Device Details page under the ORDR layer and can be used to build more precise Policy Groups for network segmentation.
Device Matching Logic
The ORDR integration uses a two-step query process to match devices:
- MAC Address + IP Address: The integration first queries ORDR using both the device's MAC address and IP address
- MAC Address Only: If no match is found, the integration falls back to querying by MAC address alone
Attribute Mapping
The ORDR integration retrieves 19 different attributes from the ORDR platform. Six of these attributes are Core Effective Attributes that map to standard Elisity identity attributes, enabling consistent policy creation across multiple integrations. The remaining 13 attributes are ORDR-specific and provide additional context for device classification.
Complete Attribute Mapping
| ORDR API Attribute | Display Name | Elisity Attribute | Core Effective Attribute | Policy Group Match Criteria |
|---|---|---|---|---|
| fqdn | FQDN | Hostname (string after first ".") | Yes | Yes |
| deviceName | Name | N/A | No | Yes |
| Group | Group | N/A | No | Yes |
| DeviceType | Type | Type | Yes | Yes |
| Profile | Profile | N/A | No | Yes |
| MfgName | Manufacturer | Vendor | Yes | Yes |
| vlan | VLAN | N/A | No | Yes |
| ModelNameNo | Model | Model | Yes | Yes |
| fqdn | FQDN | FQDN | Yes | Yes |
| RiskState | Risk | N/A | No | Yes |
| riskScore | Risk Score | N/A | No | Yes |
| criticality | Criticality | N/A | No | Yes |
| deviceSubCategory | ORDR Category | N/A | No | Yes |
| SerialNo | Serial Number | N/A | No | Yes |
| DeviceDescr | Description | N/A | No | Yes |
| OsType | OS Type | Operating System | Yes | Yes |
| OsVersion | OS Version | N/A | No | Yes |
| SwVersion | Software Version | N/A | No | Yes |
| hasPhi | hasPhi | N/A | No | Yes |
VLAN Data Handling
VLAN 0 Filtering: The ORDR integration automatically filters out VLAN values of "0" during data synchronization. In ORDR, a VLAN value of 0 indicates an unknown or unassigned VLAN. These values are excluded from IdentityGraph to ensure accurate device classification and valid VLAN-based policy assignments.
Only devices with valid, non-zero VLAN assignments from ORDR will display VLAN information in IdentityGraph. This filtering prevents confusion and ensures that policy groups using VLAN as match criteria operate on reliable network segmentation data.
Core Effective Attributes are standard Elisity attributes that work consistently across multiple identity integrations (ORDR, Medigate, Nozomi, etc.). When ORDR data maps to these attributes, you can build Policy Groups that work seamlessly regardless of which integration provides the data.
Enriched Data in IdentityGraph
All ORDR attributes appear in the IdentityGraph Device Details page under a dedicated ORDR layer. This allows you to view both Elisity's native classification data and ORDR's specialized healthcare/IoT classification side by side.
Example: Heart Pump Controller
When ORDR enriches an Abiomed Impella heart pump controller, the following data appears in IdentityGraph:
Core Effective Attributes:
- Type: Heart Pump Controller
- Vendor: Abiomed
- Model: Impella
- FQDN: impella-428.ordr.net
- Operating System: Linux Embedded OS
ORDR-Specific Attributes:
- Group: Medical Devices
- ORDR Category: Heart Pump Controller
- Risk: CRITICAL
- Risk Score: 10
- Criticality: LEVEL_5
- hasPhi: true
- Serial Number: AIM89050517
- VLAN: 391
- Software Version: v8.4
Using ORDR Data in Policy Groups
All 19 ORDR attributes can be used in Policy Group Match Criteria, allowing you to build granular segmentation policies based on ORDR's classification data.
Additionally, the "Known in ORDR" trust attribute is automatically available. This boolean attribute indicates whether a device exists in the ORDR platform, enabling you to create policies like:
- "Allow devices Known in ORDR with Criticality = LEVEL_5 to access medical record systems"
- "Segment all devices with hasPhi = true into a PHI-handling network zone"
- "Apply additional monitoring to devices with Risk = CRITICAL"
The ORDR integration refreshes device data every 24 hours by default, ensuring your Policy Groups always operate on current classification information.