Profiling

This section lets you define the parameters that openNAC evaluates for every asset it discovers. Based on this evaluation, openNAC inserts a tag on the asset, and the user can create a policy to validate or filter the assets that match it.

User device profiling: Manages the policies associated with the mechanism used to identify the type of asset.

Column types: Manages (add, edit or remove) the components used by the user device profiling section.


1. User Devices

In this section the user can create, edit, delete and simulate tags for endpoints discovered in the network. Administrators can also import profiles from a CSV file.


In openNAC it is possible to manage User device profiling and change its characteristics, following Step 1.

In Red: The descriptive name of the profiling rule. It is recommended to keep names intuitive so that the reason for the rule is easy to identify.

In Blue: The mechanisms and methods used to identify the type of asset discovered and how it is going to be categorized.

  • Banner: openNAC uses the banner discovered by the scanner in use.
  • DHCP Fingerprint: openNAC uses its DHCP fingerprint capability to identify the asset type. DHCP fingerprinting is a profiling technique that identifies the type of an asset based on its DHCP messages and behavior.
  • HTTP: openNAC can use the HTTP information harvested by sending HTTP requests to the discovered asset. Customized streams can be included to identify assets.
  • MAC Vendor: openNAC can use the OUI associated with the MAC vendor to discover the asset typology.
  • Ports: openNAC can use the open ports on the asset to identify the asset type.
  • Service Information: openNAC uses the service information identified by the openNAC scanner (based on nmap), which associates the asset with a service.
  • SNMP: openNAC can get and use SNMP information from the assets. Additional information such as communities and OIDs can be defined and used.
  • Results: As soon as the best-matching rule is found, the resulting tag is associated with the asset in the openNAC CMDB.

In Green: The expression used by the product to identify asset types. Out of the box, the product includes different logic that can be used as is or customized.

In Yellow: Comments associated with the user device profiling mechanism.
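
As an added example (not openNAC code and not its expression syntax), the sketch below shows how two of the mechanisms listed above, DHCP Fingerprint and MAC Vendor, are derived from raw data, and why they are best combined: both values are supplied by the endpoint itself. The fingerprint, OUI, sample bytes and tag names are constructed for illustration.

```python
# Added example: constructed data and hypothetical tag names; not openNAC code.
KNOWN_FP = {"1,3,6,15,28,42": "EXAMPLE_CAMERA"}   # constructed fingerprint -> tag
KNOWN_OUI = {"001122": "EXAMPLE_CAMERA"}          # constructed OUI -> tag

def parse_dhcp_options(options: bytes) -> dict:
    """Walk the DHCP option TLVs (code, length, value) as laid out in RFC 2132."""
    found, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        found[code] = found.get(code, b"") + value
        i += 2 + length
    return found

def dhcp_fingerprint(options: bytes) -> str:
    """Option 55 (Parameter Request List) as an ordered, comma-separated string."""
    return ",".join(str(b) for b in parse_dhcp_options(options).get(55, b""))

def mac_oui(mac: str):
    """Return (OUI hex, locally-administered flag) for a MAC address."""
    digits = mac.replace(":", "").replace("-", "").upper()
    if len(digits) != 12:
        raise ValueError("expected a 6-byte MAC address")
    return digits[:6], bool(int(digits[:2], 16) & 0x02)

def profile(mac: str, options: bytes) -> str:
    """Tag only when both client-supplied signals agree; otherwise flag for review."""
    oui, local = mac_oui(mac)
    fp_tag = KNOWN_FP.get(dhcp_fingerprint(options))
    oui_tag = None if local else KNOWN_OUI.get(oui)  # local bit set: no vendor OUI
    if fp_tag and fp_tag == oui_tag:
        return fp_tag
    return "REVIEW" if (fp_tag or oui_tag) else "UNKNOWN"

# Constructed DHCP options: message type (53), option 55, vendor class (60), End.
SAMPLE = bytes([53, 1, 1, 55, 6, 1, 3, 6, 15, 28, 42, 60, 3]) + b"cam" + bytes([255])
```

A tag that later serves as a policy pre-condition is more trustworthy when it rests on agreeing signals; a locally administered MAC or a mismatch between fingerprint and vendor is a reason to review the asset rather than tag it.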


Create a tag using a custom expression to evaluate different parameters. In the Add New option, fill in the fields with:

Tag Name: Use a name related to the tag details.

Tag: The name of the tag. This name is going to be used in policy pre-conditions.


Expression: The detail of the tag. You can include the strings used by each network device, depending on its typology. Use the following as an example of a single expression:

(|,'DFP_CAMERA')

Note

Administrators can perform a user device profiling simulation for any asset in the openNAC CMDB by right-clicking it and selecting the Simulate option.


2. Column Types

Column types define the parameters to evaluate before inserting a tag into the assets. The user can define a tag that evaluates some open ports or the MAC vendor and later, based on the result, inserts a tag into the devices.

In openNAC it is possible to manage which options are used to identify an asset connected to the network:

Step 2 allows us to expand the profiling capabilities; for instance, it is possible to use the operating system, as shown by Label 1.
