Integrate NetBox Labs' authoritative network source-of-truth with the Elisity IdentityGraph to enrich asset context and enable identity-based segmentation. This real-time integration correlates IP addresses, interface data, and structured asset metadata with dynamically maintained infrastructure details, improving asset classification, policy group alignment, and automated enforcement across hybrid environments.
Prerequisites
- API URL: Your NetBox Cloud tenant URL in the format https://<yourtenant>.cloud.netboxapp.com/
- API Token: User-generated in NetBox Labs platform (read-only access is sufficient)
NOTE: API tokens can be configured with optional IP whitelisting for additional security. If you need to restrict API access to Elisity Cloud Control Center IP addresses, please contact Elisity Customer Experience team for the current IP allowlist.
Steps to Connect NetBox Labs
Step 1. Create an API Token in NetBox Labs by logging into your NetBox Cloud instance and navigating to Admin > Authentication > API Tokens. Select + Add a new token to create a new API token.
Step 2. Configure the token settings:
- User: Select your user account
- Key: NetBox Labs will auto-generate a token key (minimum 40 characters)
- Write enabled: Leave unchecked (read-only access is sufficient for Elisity integration)
- Expires: Set an appropriate expiration date
- Description: Enter a description such as "Elisity Cloud Control Center Read Access"
- Allowed IPs (optional): Leave blank for no restrictions, or contact Elisity CX team for IP allowlist if needed
NOTE: Be sure to record your API token key before submitting the form, as it may no longer be accessible once the token has been created.
Select Create to generate the token and copy it to your clipboard.
Step 3. Log into Elisity Cloud Control Center and navigate to Settings > Connectors, select the + Add Connector button, and select Configure on the NetBox Labs connector tile.
Step 4. On the Required Configuration tab, input the following and select Submit:
- API URL: Your NetBox Cloud tenant URL (e.g., https://<yourtenant>.cloud.netboxapp.com/)
- API Token: The token you generated in Step 2
Step 5 (optional). Configure advanced settings for the NetBox Labs connector by selecting the Advanced Settings tab. The following table provides details about each advanced setting:
Advanced Settings
The Advanced Settings tab exposes connector-level tuning options that control how Cloud Control Center queries the connector, how learned data is retained, and how the connector's data is used by IdentityGraph and Insights.
The following chart provides details about each advanced setting.
| Setting | Description |
|---|---|
| Global Timer | The frequency at which Cloud Control Center queries the connector for updates. From 1 to 168 hours. Default is 24 hours. |
| Initial Delay | The delay in seconds before Cloud Control Center initiates the first query to the connector after initially discovering a new device. Default is 180 seconds. |
| Connector Data Purging | When enabled, Cloud Control Center purges all data learned about a device from this connector if the device is no longer found when querying the connected application. The time period between purge events is configurable from 1 to 90 days. The connector status will change from "Up to Date" to "Stale" if the device is no longer known by the connector but prior to the purge event. |
| IP Only Based Lookup | Enables fallback behavior to query by IP address when a query by MAC address does not return a result. |
| Query Exclusion Rules | Limit the scope of Cloud Control Center queries by excluding specific Subnets or Virtual Edge Nodes, and by enabling or disabling the querying of devices with Random MAC addresses. |
| Enrichment Lookback Window | Defines how far back IdentityGraph looks for device activity when determining a device's eligibility for enrichment from this connector. Devices whose last seen timestamp falls within the configured window are eligible for enrichment; devices outside the window are not. Increasing this value may improve enrichment coverage for environments with infrequently connected devices (servers, OT systems, remote assets) but can increase processing load. Available values: 1 hour, 1 day, 3 days (default), 7 days, 30 days, 90 days. |
| Trusted Connector |
Controls whether Insights uses data from this connector when generating recommended Policy Groups. When enabled, device attributes from this connector are eligible to inform Insights' Policy Group recommendations. When disabled, Insights ignores this connector as a source for recommendations. Note: This setting only affects Insights recommendations — it does not change device verification status, trust attributes, or how the connector's data is used elsewhere in the platform. |
If the API URL and API Token were correct, all checks will pass and the connector will be created. After successful configuration, you should begin to see devices enriched by NetBox Labs in IdentityGraph.
Connector Status
The Connector status reflects its health and availability based on recent query performance. To ensure accuracy and reduce false positives, the status is determined using a rolling 15-minute evaluation window.
Connector Status Levels:
- Active: Normal operation with minimal query failures.
- Degraded: Increased query failures detected, but the connector is still operational.
- Inactive: The connector is unresponsive due to persistent failures.
Failures are defined as unsuccessful query responses, and the platform continuously monitors performance to update the status accordingly. These status changes are visible in the UI, event logs, and notifications pane for better troubleshooting. Email alerts can also be configured for connector status changes. If the connector has not been queried within the evaluation window, the last known status is retained. This approach ensures reliable status reporting and helps identify potential issues before they impact operations.
Leveraging NetBox Labs with Elisity
Once configured, NetBox Labs enriches devices in the Elisity IdentityGraph with authoritative infrastructure data. This enriched data flows into IdentityGraph as device attributes that can be used in Policy Group match criteria and dynamic device classification.
For details on the specific attributes synchronized from NetBox Labs and how they map to IdentityGraph attributes, see the NetBox Labs Classification Details article.
Additionally, devices enriched by NetBox Labs can be identified using the Trust Attribute "Known in NetBox Labs" when creating dynamic Policy Groups. For more information on using Trust Attributes, see Leveraging Trust Attributes for Policy Group Definition.