Classification Rules

Classification rules enable automatic action on devices that meet specific criteria. These criteria are defined by using Tag Queries.

2. Classification Rule Definition

To define a classification rule, navigate to All Hosts and open Classification Rules from the top of the page.


Figure 1 Classification Rules

There are 51 predefined classification rules out of the box. You can use the predefined rules, or you can create your own rules by clicking the button in the upper-right corner.

A classification rule has two parts: the Tag Query selection and the Rule Settings. In the Tag Query section, you select the target devices to which the rule will be applied by combining one or more tag queries. On the Rule Settings page, you define the actions that will be applied to the selected devices.


Figure 2 Tag Queries Section Of Rule


Figure 3 Setting Section Of Rule


| Setting Name | Explanation |
|---|---|
| Name | Name of the rule. |
| Discard Device | Set/unset the Discard flags of the Target Devices. |
| Perform Authorisation | Enable a custom Attack Type for the Target Devices. |
| Attack Type | Select the Attack Type that will be applied to the Target Devices. It should be used with the Perform Authorisation action. |
| VLAN/ACL Name | Set suitable attacking parameters for the selected Attack Type (VLAN, ACL, etc.). It should be used with the Perform Authorisation action. |
| Comment | Comment string that will be written to the Target Device Comment attribute in the DB. |
| Object Type | Change the object type of the Target Devices. |
| Assign to Group | Change the Inventory Group information of the Target Device. |
| Folder | Folder name under which the Target Devices will be listed. This list is accessible in the hover menu on the All Host main menu. |
| Time Range | The time range in which the rule is executed. By default, rules are executed in all time intervals. |
| Execution Interval | How often the rule will be executed. By default, all rules are executed every 30 seconds. |
| Clear Alien Flag | Clears the Alien flag of the Target Devices. It should be used with the Discard Device action. |
| Overwrite Block Status | Overwrites existing Block flags of the Target Devices, if any. It should be used with the Perform Authorisation action. |
| Status | Enables/disables the rule. |
| Add to 802.1X MAB List | Adds the Target Device MAC address to the MAC Address Based (MAB) authentication table of the RADIUS server. It should be used if 802.1X is configured. |
| MAB List Expire Date | When the Target Host entries will expire in the MAB table. It should be used if 802.1X is configured. |
| MAB List VLAN ID | Enter the VLAN information of MAB-authenticated devices. |

Table 1 Classification Rule Settings

After defining the policy, click the save button. The rule will be evaluated according to your settings, and you can access the classification results by navigating to All Host and clicking the hover menu arrow.

A sample classification rule definition and its result view are shown below.


Figure 4 Sample Classification Rule Definition

Viewing Classification Rule Result:


Figure 5 Classification Rule Result


