Create Multi-interface Devices
Merge two or more devices into a multi-interface device.
Some devices have multiple network interfaces. These can be networking and security
devices like L3 switches and firewalls with multiple network ports or physical
endpoint devices, such as printers, that can connect to both wired and wireless
networks.
Because each interface on a multi-interface device has its own MAC address and IP
address, IoT Security initially considers each interface as a separate
single-interface device. This can result in duplicate devices in your asset
inventory and duplicate vulnerabilities. When IoT Security detects two or more
devices that share common attributes, such as hostname or serial number, it provides
a recommendation for you to group them as different interfaces on the same
multi-interface device. In addition to accepting the recommendation as is, you can
modify or ignore the recommendation and merge other devices instead. The merge
process involves assigning one “device” as the primary interface and the others as
secondary interfaces. When you do this, IoT Security applies the device-level
attributes of the primary interface to the entire multi-interface device while
retaining the network-level attributes for each interface.
| Device-level attributes originally learned from the device assigned to be the primary interface and then applied to all merged interfaces | Network-level attributes originally learned on each previously unmerged device and retained for interfaces on the merged device |
|---|---|
| Category | IP address |
| Device name | MAC address |
| Endpoint protection (vendor) | OUI vendor (NIC vendor) |
| Model | Site |
| OS group | Status (network connectivity) |
| OS combined (OS group + OS version) | Subnet |
| Patient health information support (Medical IoT only) | Switch |
| Profile | Tags |
| Risk level | Wireless access point |
| Risk score | VLAN |
| Serial number | All network attributes except those for CMMS (computerized maintenance management system), EDR (endpoint detection and response), and External Inventory |
| Type | All traffic attributes except the following: Software, Software Components, and Restricted Traffic. |
| Vendor | – |
These attributes are assigned to a multi-interface device at the time individual
devices are merged and become interfaces on a single device. After
the merge, they can continue to change based on the network behaviors that IoT Security observes. IoT Security also merges vulnerabilities, security alerts, risk
scores, and reports of the previously separate devices as they become interfaces on
one device.
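The merge semantics described above, as an added sketch in Python that is not Palo Alto Networks code or an IoT Security API: it links inventory rows that share a serial number or hostname, then builds one device from a chosen primary. The field names, sample rows, `VULN-*` labels, and the union rule for findings are assumptions made for illustration.

```python
from collections import defaultdict

# Split follows the table above; key names are assumptions, not IoT Security export fields.
DEVICE_LEVEL = ("name", "profile", "serial")
NETWORK_LEVEL = ("ip", "mac", "vlan")

def row(name, profile, serial, ip, mac, vlan, bytes_seen, vulns):
    return dict(name=name, profile=profile, serial=serial, ip=ip, mac=mac,
                vlan=vlan, bytes_seen=bytes_seen, vulns=set(vulns))

# Constructed inventory: one printer seen on wired and wireless, plus one camera.
INVENTORY = [
    row("prn-3f", "Office Printer", "SN123", "10.1.20.15", "00:00:5e:00:53:01", 20, 9_000_000, ["VULN-A"]),
    row("prn-3f", "Generic Device", "", "10.1.30.77", "00:00:5e:00:53:02", 30, 40_000, ["VULN-A", "VULN-B"]),
    row("cam-lobby", "IP Camera", "SN900", "10.1.40.9", "00:00:5e:00:53:03", 40, 500_000, []),
]

def merge_candidates(rows, keys=("serial", "name")):
    """Group rows linked by a shared serial number or hostname (union-find)."""
    parent = list(range(len(rows)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    first_seen = {}
    for i, r in enumerate(rows):
        for k in keys:
            if r.get(k):  # blank values never link two devices
                parent[find(i)] = find(first_seen.setdefault((k, r[k]), i))
    groups = defaultdict(list)
    for i, r in enumerate(rows):
        groups[find(i)].append(r)
    return [g for g in groups.values() if len(g) > 1]

def merge(group, primary=None):
    """Primary supplies device-level attributes; every interface keeps its own network-level ones."""
    if primary is None:  # default: the interface with the most observed traffic
        primary = max(group, key=lambda r: r["bytes_seen"])
    device = {k: primary[k] for k in DEVICE_LEVEL}
    device["interfaces"] = [{**{k: r[k] for k in NETWORK_LEVEL}, "primary": r is primary} for r in group]
    # Assumption: merged findings are the de-duplicated union across interfaces.
    device["vulns"] = set().union(*(r["vulns"] for r in group))
    return device

if __name__ == "__main__":
    for g in merge_candidates(INVENTORY):
        print(merge(g))
```

Passing the wireless row as `primary` instead makes the merged device inherit its weaker "Generic Device" profile and blank serial number, which is why the choice of primary interface matters.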
Merge Devices into a Multi-interface Device
You can merge one or more devices into a single multi-interface device based on IoT Security
recommendations or create your own multi-interface device without
recommendations. When IoT Security has recommendations, it displays a notification
above the Inventory table on the Assets > Devices page.
- View the groups of two or more single-interface devices that IoT Security recommends be merged into multi-interface devices.
  - To see the list, click View All Recommendations above the Inventory table.
    A panel opens on the right of the Devices page showing all the devices that IoT Security recommends merging together and the reason for each recommendation.
  - Click the arrow to the left of a recommendation to see the individual devices to be merged.
    IoT Security displays the name and profile of each single-interface device that it recommends merging into one multi-interface device.
    Clicking Create starts the merge process. Clicking Dismiss permanently dismisses the recommendation. However, if a dismissed recommendation changes—a device is added to the original recommendation or removed from it—IoT Security will make a revised recommendation.
- Merge individual devices into a single multi-interface device.
  - Click Create for the multi-interface device you want to create.
    This launches a three-step process, the first of which is the selection of devices to merge. The devices that IoT Security chose appear in a Selected Devices section above the rest of the devices in the All Devices section.
  - Keep the IoT Security-recommended devices selected if you want to include them in the multi-interface device, clear any you want to exclude, and add more from the All Devices table if you think they should also be included.
    Any devices that you select in All Devices are also shown in Selected Devices.
    You can’t add a previously merged multi-interface device to another multi-interface device.
  - When you’re satisfied, click Next.
  - Select the primary interface of the multi-interface device.
    While all interfaces retain their network-specific attributes (IP address, MAC address, subnet, and VLAN), the merged device will use the physical device attributes from the primary interface. You might consider choosing the interface that processes the most traffic because IoT Security most likely has the most data from this interface and, therefore, the most accurate device identification and risk analysis. If you have a dedicated management subnet and VLAN on your network, another option is to choose the interface in that subnet and VLAN.
  - After you’ve selected the primary interface for the device, click Next and then expand different sections to review the merged attributes.
    You can click Expand All to view all six sets of attributes at once and then Collapse All to close them together. You can reduce the height of expanded sections by clicking Hide Empty Fields. To see all fields, both those with data and those without, click Show Empty Fields.
    You can also see this information later in the Attributes section on the Device DetailsNew device page after you create the multi-interface device.
  - When you’re satisfied and want to complete the merge process, click Create.
  - To see the merged device on the Assets > Devices page, add a filter to show multi-interface devices.
    The newly created multi-interface appears in the Inventory table with the multi-interface device icon (
  - Click the multi-interface device icon (
- (Optional) Edit a multi-interface device.
  After creating a multi-interface device, you can later change the primary interface, merge more devices as interfaces into it, remove one or more interfaces from it, or unmerge all interfaces.

  To change the primary interface on a multi-interface device:
  - Select Assets > Devices, click the multi-interface icon (
  - Click Next to advance to the step where you select a primary interface.
  - Select the interface that you want to make the new primary interface and then click Next.
  - Review the settings to make sure the new primary interface is the one you want it to be and then click Create.

  To add one or more interfaces to an existing multi-interface device:
  - Select Assets > Devices, click the multi-interface icon (
  - Select one or more devices in the All Devices table that you want to convert from single, separate devices to interfaces on the multi-interface device and then click Next.
  - Either keep the previously selected primary interface in its role or make another interface the primary if you want and then click Next.
  - Click Create.

  To remove one or more interfaces—but not all—and return them to the inventory as individual single-interface devices while keeping the multi-interface devices:
  - Select Assets > Devices, click the multi-interface icon (
  - Clear the selection of the interfaces that you want to remove from the multi-interface device and then click Next.
  - Either keep the previously selected primary interface in its role or make another interface the primary if you want and then click Next.
  - Click Create.

  To unmerge all interfaces:
  - Select Assets > Devices, click the multi-interface icon (
  - Confirm the unmerge operation and return of each interface to an individual single-interface device.