To define Classification
Rule navigate to All Hosts and top of the page to access Classification Rules.
There are 51 predefined classification rules defined out of the
box. You can use predefined rules, or you can create your rules by clicking button on the up-right
corner.
In the classification rule, there are two parts; one is Tag Query Selection, and second is Rule Settings. In the Tag Query section, you can select target devices which rules will be applied by combining one or more tag queries. In the rule settings page, you can define what actions will be used to selected devices.
Figure 2 Tag Queries Section Of Rule
Setting Name |
Explanation |
Name |
Name of Rule. |
Discard Device |
Set/Unset Discard Flags of the Target Devices. |
Perform Authorisation |
Enable Custom Attack Type for the Target Devices. |
Attack Type |
Select Attack Type, which will be applied the Target Devices. It
should be used with Perform Authorisation Action. |
VLAN/ACL Name |
Set suitable attacking parameters for selected Attack Type (VLAN, ACL
e.t.c). It should be used with Perform
Authorisation Action. |
Comment |
Comment string that will be updated Target Device Comment Attribute
in DB. |
Object Type |
Change the object Type of Target Devices. |
Assign to Group |
Change the Inventory Group information of Target Device. |
Folder |
Folder name under which the Target Devices will be listed. This list
accessible in the hover menu on the All Host main menu. |
Time Range |
The time range in which rules executed. By default, rules are executed
in all time intervals. |
Execution Interval |
How often rules will be executed. By default, all rules executed
every 30 seconds. |
Clear Alien Flag |
Clears Alien flag of Target Devices. Is should be used with Discard
Device action. |
Overwrite Block Status |
Overwrites existing Block flags of Target Devices if any. It should
be used with Perform Authorisation action. |
Status |
Enables/Disabled the rule. |
Add to 802.1X MAB List |
Add the Target Device MAC address to MAC Address Based(MAB) authentication
table of Radius Server. It should be used if 802.1X is configured. |
MAB List Expire Date |
When the Target Host entries will be expired in MAB table. It
should be used if 802.1X configured. |
MAB List VLAN ID |
Enter the VLAN information of MAB Authenticated
devices. |
Table 1 Classification Rule Settings
After defining policy, click the save button. According to your settings rule will be evaluated and you can access your classification results by navigating All Host and clicking hover menu arrow.
Sample Classification rule definition and view as below
Figure 5 Classification Rule Result