Create Multi-interface Devices

Some devices have multiple network interfaces. These can be networking and security devices like L3 switches and firewalls with multiple network ports or physical endpoint devices, such as printers, that can connect to both wired and wireless networks.

Because each interface on a multi-interface device has its own MAC address and IP address,

IoT Security

initially considers each interface as a separate single-interface device. This can result in duplicate devices in your asset inventory and duplicate vulnerabilities. When

IoT Security

detects two or more devices that share common attributes, such as hostname or serial number, it provides a recommendation for you to group them as different interfaces on the same multi-interface device. In addition to accepting the recommendation as is, you can modify or ignore the recommendation and merge other devices instead. The merge process involves assigning one “device” as the primary interface and the others as secondary interfaces. When you do this,

IoT Security

applies the device-level attributes of the primary interface to the entire multi-interface device while retaining the network-level attributes for each interface.

Device-level attributes originally learned from the device assigned to be the primary interface and then applied to all merged interfaces	Network-level attributes originally learned on each previously unmerged device and retained for interfaces on the merged device
Category	IP address
Device name	MAC address
Endpoint protection (vendor)	OUI vendor (NIC vendor)
Model	Site
OS group	Status (network connectivity)
OS combined (OS group + OS version)	Subnet
Patient health information support (Medical IoT only)	Switch
Profile	Tags
Risk level	Wireless access point
Risk score	VLAN
Serial number	All network attributes except those for CMMS (computerized maintenance management system), EDR (endpoint detection and response), and External Inventory
Type	All traffic attributes except the following: Software, Software Components, and Restricted Traffic.
Vendor	–

These attributes are assigned to a multi-interface device at the time individual

devices

are merged and become

interfaces

on a single device. After the merge, they can continue to change based on the network behaviors that

IoT Security

observes.

IoT Security

also merges vulnerabilities, security alerts, risk scores, and reports of the previously separate devices as they become interfaces on one device.

Merge Devices into a Multi-interface Device

You can merge one or more devices into a single multi-interface device based on

IoT Security

recommendations or create your own multi-interface device without recommendations. When

IoT Security

has recommendations, it displays a notification above the Inventory table on the

Assets

Devices

page.

View the groups of two or more single-interface devices that
IoT Security
recommends be merged into multi-interface devices.
To see the list, click
View All Recommendations
above the Inventory table.
A panel opens on the right of the Devices page showing all the devices that
IoT Security
recommends merging together and the reason for each recommendation.
Click the arrow to the left of a recommendation to see the individual devices to be merged.
IoT Security
displays the name and profile of each single-interface device that it recommends merging into one multi-interface device.

Clicking
Create
starts the merge process. Clicking
Dismiss
permanently dismisses the recommendation. However, if a dismissed recommendation changes—a device is added to the original recommendation or removed from it—
IoT Security
will make a revised recommendation.
Merge individual devices into a single multi-interface device.
Click

Create

for the multi-interface device you want to create.

This launches a three-step process, the first of which is the selection of devices to merge. The devices that

IoT Security

chose appear in a Selected Devices section above the rest of the devices in the All Devices section.



Keep the

IoT Security

-recommended devices selected if you want to include them in the multi-interface device, clear any you want to exclude, and add more from the All Devices table if you think they should also be included.

Any devices that you select in All Devices are also shown in Selected Devices.

You can’t add a previously merged multi-interface device to another multi-interface device.



When you’re satisfied, click

Next

.

Select the primary interface of the multi-interface device.



While all interfaces retain their network-specific attributes (IP address, MAC address, subnet, and VLAN), the merged device will use the physical device attributes from the primary interface. You might consider choosing the interface that processes the most traffic because

IoT Security

most likely has the most data from this interface and, therefore, the most accurate device identification and risk analysis. If you have a dedicated management subnet and VLAN on your network, another option is to choose the interface in that subnet and VLAN.

After you’ve selected the primary interface for the device, click

Next

and then expand different sections to review the merged attributes.



You can click

Expand All

to view all six sets of attributes at once and then

Collapse All

to close them together. You can reduce the height of expanded sections by clicking

Hide Empty Fields

. To see all fields-–both those with data and those without—

click Show Empty Fields

.

You can also see this information later in the Attributes section on the

Device Details

New device page

after you create the multi-interface device.

When you’re satisfied and want to complete the merge process, click

Create

.

To see the merged device on the

Assets > Devices

page, add a filter to show multi-interface devices.

The newly created multi-interface appears in the Inventory table with the multi-interface device icon ( ) after its device name.



Click the multi-interface device icon ( ) to see its interfaces with the primary interface identified at the top, and to access the

Edit

and

Unmerge

options.


(
Optional
) Edit a multi-interface device.
After creating a multi-interface device, you can later change the primary interface, merge more devices as interfaces into it, remove one or more interfaces from it, or unmerge all interfaces.
To change the primary interface on a multi-interface device:
Select
Assets
Devices
, click the multi-interface icon ( ) to open the Interfaces panel for the device whose primary interface you want to change, and then
Edit
.
Click
Next
to advance to the step where you select a primary interface.
Select the interface that you want to make the new primary interface and then click
Next
.
Review the settings to make sure the new primary interface is the one you want it to be and then
Create
.
To add one or more interfaces to an existing multi-interface device:
Select
Assets
Devices
, click the multi-interface icon ( ) to open the Interfaces panel for the device to which you want to merge one or more single-interface devices as interfaces, and then
Edit
.
Select one or more devices in the All Devices table that you want to convert from single, separate devices to interfaces on the multi-interface device and then click
Next
.
Either keep the previously selected primary interface in its role or make another interface the primary if you want and then click
Next
.
Create
.
To remove one or more interfaces—but not all—and return them to the inventory as individual single-interface devices while keeping the multi-interface devices:
Select
Assets
Devices
, click the multi-interface icon ( ) to open the Interfaces panel for the device whose interfaces you want to remove, and then
Edit
.
Clear the selection of the interfaces that you want to remove from the multi-interface device and then click
Next
.
Either keep the previously selected primary interface in its role or make another interface the primary if you want and then click
Next
.
Create
.
To unmerge all interfaces:
Select
Assets
Devices
, click the multi-interface icon ( ) to open the Interfaces panel for the device whose interfaces you want to unmerge, and then
Edit
.
Confirm
the unmerge operation and return of each interface to an individual single-interface device.