NetBox Labs Classification Details
Overview
NetBox Labs is the network source of truth platform that aggregates and organizes infrastructure data across hybrid cloud environments. The NetBox Labs integration enriches the Elisity IdentityGraph with authoritative device metadata, interface information, and infrastructure context from NetBox Cloud, enabling precise device classification and dynamic policy group assignments based on real-time infrastructure data.
When configured, IdentityGraph device records display enriched data from NetBox Labs, including device identifiers, location information, asset metadata, and organizational context. This data flows into IdentityGraph as device attributes that can be leveraged in Policy Group match criteria for automated, identity-aware segmentation.
Device Matching Logic
The NetBox Labs integration queries devices using a three-step matching process during reactive discovery when a new device attach occurs:
- MAC + IP: Cloud Control Center first attempts to match devices using both MAC address and IP address
- MAC Only: If the MAC + IP match does not return a result, the system queries by MAC address only
- IP Address Fallback: If the MAC address is not known, the system falls back to querying by IP address only (if IP-only device querying is enabled in the connector Advanced Settings)
This flexible matching approach ensures device enrichment even when NetBox Labs records are indexed primarily by IP address or when MAC address data is unavailable.
Attribute Mapping
The NetBox Labs integration synchronizes attributes from NetBox Cloud to IdentityGraph. Of these, several attributes are designated as Core Effective Attributes - standardized attributes used across multiple identity integrations for consistent policy creation.
Complete Attribute Mapping
The following table documents all attributes retrieved from NetBox Labs and how they map to IdentityGraph:
| NetBox Labs Attribute | Elisity Attribute | Core Effective Attribute | Available for PG Match Criteria |
| Name | Name | No | Yes |
| ID | NetBox ID | No | Yes |
| Status | Device Status | No | Yes |
| Site | Site | No | Yes |
| Location | Location | No | Yes |
| Role | Type | Yes | Yes |
| Type | Model | Yes | Yes |
| Asset Tag | Asset Tag | No | Yes |
| Manufacturer | Vendor | Yes | Yes |
| Platform | Operating System | Yes | Yes |
| Serial number | Serial Number | No | Yes |
| Description | Description | No | Yes |
| Tags | Tags | No | Yes |
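
The lookup order from Device Matching Logic and the renames in the table above, as an added Python illustration (not Elisity or NetBox Labs code). The record field names, sample MAC/IP values, step labels and the `ip_only_enabled` parameter are assumptions; the parameter stands in for the connector's IP-only Advanced Setting, and the third step is read as applying only when no MAC is known.

```python
import re

# NetBox Labs attribute -> IdentityGraph attribute, a subset of the table on this page.
# The lowercase keys are hypothetical record field names chosen for this example.
ATTRIBUTE_MAP = {"name": "Name", "id": "NetBox ID", "status": "Device Status",
                 "site": "Site", "role": "Type", "type": "Model",
                 "manufacturer": "Vendor", "platform": "Operating System"}

# Constructed sample records; MAC and IP values use documentation ranges.
RECORDS = [
    {"id": 141, "name": "AUSYD01-SW-1", "status": "Active", "site": "Sydney",
     "type": "C9200-24P", "manufacturer": "Cisco", "platform": "Cisco IOS",
     "mac": "00:00:5e:00:53:01", "ip": "192.0.2.10"},
    {"id": 142, "name": "AUSYD01-PDU-1", "status": "Active", "site": "Sydney",
     "mac": None, "ip": "192.0.2.20"},
]

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, or None if unusable."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac or "").lower()
    return digits if len(digits) == 12 else None

def match_device(records, mac, ip, ip_only_enabled=False):
    """Return (record, step) in the page's order: MAC + IP, MAC only, IP only."""
    mac = normalize_mac(mac)
    by_mac = [r for r in records if mac and normalize_mac(r.get("mac")) == mac]
    if mac and ip:
        for r in by_mac:
            if r.get("ip") == ip:
                return r, "mac+ip"
    if mac:
        # A known MAC never reaches the IP fallback, even when it matches nothing.
        return (by_mac[0], "mac") if by_mac else (None, "no-match")
    if ip and ip_only_enabled:
        for r in records:
            if r.get("ip") == ip:
                return r, "ip-only"
    return None, "no-match"

def enrich(record):
    """Rename the matched record's fields to IdentityGraph attribute names."""
    return {ATTRIBUTE_MAP[k]: v for k, v in record.items() if k in ATTRIBUTE_MAP}
```

Recording the returned step next to the enrichment shows which devices were attributed by IP address alone.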
Enriched Data in IdentityGraph
Once configured, NetBox Labs enrichment data appears in the IdentityGraph section of each device's detail page within Cloud Control Center.
Example: Network Switch Enriched by NetBox Labs
For a network switch enriched by NetBox Labs, IdentityGraph displays attributes such as:
NetBox Labs-Specific Attributes:
- Name: AUSYD01-SW-1
- NetBox ID: 141
- Device Status: Active
- Site: Sydney
- Device Type: C9200-24P
- Location: Comms Room
- Asset Tag: AssetTag123
- Vendor: Cisco
- Operating System: Cisco IOS
- Serial Number: 2231ADS23122
- Description: A Description test
- Tags: consulting, europe
All attributes shown above are available for use in dynamic Policy Group match criteria, enabling automated segmentation based on infrastructure context maintained in NetBox Labs.
Using NetBox Labs Data in Policy Groups
All attributes synchronized from NetBox Labs can be used as match criteria when defining dynamic Policy Groups. This enables you to create policies based on authoritative infrastructure data such as device location, site assignment, asset tags, or device type.
Additionally, devices enriched by NetBox Labs can be identified using the Trust Attribute "Known in NetBox Labs" when creating dynamic Policy Groups. This allows you to create policies specifically for devices that are managed and tracked in your NetBox source of truth.
Example Policy Group Use Cases:
- Create a Policy Group for all devices in the "Sydney" site using the Site attribute
- Segment devices by physical location using the Location attribute (e.g., "Comms Room", "Data Center")
- Apply policies based on device type using the Device Type attribute (e.g., all C9200-24P switches)
- Use Tags for flexible grouping based on organizational context (e.g., "consulting", "production")
The NetBox Labs connector queries for updates based on the Global Timer setting (default: 24 hours), ensuring IdentityGraph remains synchronized with your infrastructure source of truth.