Select , select one or more sites, and Add to
Scope.
- After you set the site scope, click Next.
Click Device Grouping to configure the method
for grouping devices on the map based on your needs. You can change
this later.
The device grouping you select determines the type of map you create.
First, group devices by one of the following attributes:
Category, Profile,
Vendor, Subnet,
VLAN ID, or Purdue
Level. Then, optionally, depending on the attribute
you used, organize them within each first-layer group by another
type of attribute in a second layer:
| First set of groups | Second set of groups (optional) |
| Category | – |
| Profile | – |
| Vendor | Risk Level |
| Subnet | Category or Profile |
| VLAN ID | Category or Profile |
| Purdue Level* | Category or Profile |
* Before creating a device visualization map based on
Purdue levels, you must first indicate the Purdue level to which
various devices belong. You can do this by defining custom attribute
rules that apply Purdue levels to devices automatically. This
involves the following process:
Make a list of device attributes, such as profiles, for all
OT devices at Purdue levels 0-3 on your network. Optionally,
make a list of subnets for all other IT and IoT devices that
are separate from OT and are in levels 4-5.
Create six filters on the Devices page, each filter listing a
set of profiles or subnets for the devices at a particular
Purdue level. For more information about filters, see
Device Security Devices Page.
Use the six pre-defined values for Purdue Levels 0-5 to
create
custom attribute
rules to assign Purdue Levels to devices based on the
filters you created (a default filter is used to assign a
Purdue Level to devices based on Category).
Device Security assigns any device that doesn’t match one of these rules
to the “Unknown” level.
For example, if you set the first set of groups as
Subnet and the second set of groups as
Category, you’ll create a map that first
shows devices organized into various subnets. Then if you navigate
to the second layer of the map by clicking one of the subnets,
you’ll see devices grouped by device category within it.
Continue to refine the map scope by entering more parameters to
define the scope of the visualization map and then click
Update.
Device Security displays a visualization based on the scope you
define. The scope must include a time range during which devices
were active on the network (the past day, week, or month). The scope
also typically contains at least one site; however, it’s possible to
make a map without specifying any specific site, in which case the
map includes all sites. In addition to a time range and sites, you
can optionally add numerous filters to narrow the map scope further.
Doing so lets you more easily find the types of devices you’re
looking for and also reduces the number of nodes that the map
displays.
Review the visualization and, if necessary, continue adjusting the
scope and device grouping until the map shows the data you want to
see.
When you’re satisfied with the content of the visualization map,
click Build Map, and then enter the
following:
Name: Enter a name for the visualization
map
Description: Optionally enter a description of
the visualization map for later reference.
Scope: Review the filters that define the
parameters of the map. Because a map can contain up to 500 nodes,
define a scope that stays within this range. You can narrow the
scope by filtering devices by type as well as by various device,
alert, and vulnerability attributes. This filtering behaves much
like the query builder.
Device Grouping: Review the device grouping of
the map. You can edit the grouping method here and while viewing a
saved map.
Click Confirm.
The map immediately becomes available to view on the Networks
Visualization page.
