Create a Visualization Map
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Network Segments Configuration
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Create a Visualization Map
Create a visualization map based on device attributes such as subnets and profiles or
Purdue levels.
- Select NetworksNetwork Visualizations.Before you create your first network visualization map, the Network Visualizations page displays a map of the world. Any existing sites whose location has been defined appear in those locations on the map. Sites without a defined location appear in an Unknown Sites list in the lower left corner of the map. To define a location for a site, select NetworksNetworks and SitesSites, click N/A in the Location column (or click the three vertical dots icon at the right end of a row and then Edit Site), enter a city name in Site Address, and then Save.After you add and save a visualization map, it appears on this page so that you can return to view the map later by clicking View Map.Create a network visualization map.There isn’t a maximum number of visualization maps you can create, but there is a maximum of 500 nodes (subnets, profiles, devices, and so on) that a map can display. If the number of nodes exceeds 500, IoT Security hides the map and presents the information in table format only.
- Select NetworksNetwork Visualizations+ Create Map, select one or more sites, and Add to Scope.
- After you set the site scope, click Next.
- Click Device Grouping to configure the method for grouping devices on the map based on your needs. You can change this later.The device grouping you select determines the type of map you create. First, group devices by one of the following attributes: Category, Profile, Vendor, Subnet, VLAN ID, or Purdue Level. Then, optionally, depending on the attribute you used, organize them within each first-layer group by another type of attribute in a second layer:
First set of groups Second set of groups (optional) Category – Profile – Vendor Risk Level Subnet Category or Profile VLAN ID Category or Profile Purdue Level* Category or Profile * Before creating a device visualization map based on Purdue levels, you must first indicate the Purdue level to which various devices belong. You can do this by defining custom attribute rules that apply Purdue levels to devices automatically. This involves the following process:- Make a list of device attributes, such as profiles, for all OT devices at Purdue levels 0-3 on your network. Optionally, make a list of subnets for all other IT and IoT devices that are separate from OT and are in levels 4-5.
- Create six filters on the Devices page, each filter listing a set of profiles or subnets for the devices at a particular Purdue level. For more information about filters, see IoT Security Devices Page.
- Use the six pre-defined values for Purdue Levels 0-5 to create custom attribute rules to assign Purdue Levels to devices based on the filters you created (a default filter is used to assign a Purdue Level to devices based on Category). IoT Security assigns any device that doesn’t match one of these rules to the “Unknown” level.
For example, if you set the first set of groups as Subnet and the second set of groups as Category, you’ll create a map that first shows devices organized into various subnets. Then if you navigate to the second layer of the map by clicking one of the subnets, you’ll see devices grouped by device category within it. - Continue to refine the map scope by entering more parameters to define the scope of the visualization map and then click Update.IoT Security displays a visualization based on the scope you define. The scope must include a time range during which devices were active on the network (the past day, week, or month). The scope also typically contains at least one site; however, it’s possible to make a map without specifying any specific site, in which case the map includes all sites. In addition to a time range and sites, you can optionally add numerous filters to narrow the map scope further. Doing so lets you more easily find the types of devices you’re looking for and also reduces the number of nodes that the map displays.
- Review the visualization and, if necessary, continue adjusting the scope and device grouping until the map shows the data you want to see.
- When you’re satisfied with the content of the visualization map, click Build Map, and then enter the following:Name: Enter a name for the visualization mapDescription: Optionally enter a description of the visualization map for later reference.Scope: Review the filters that define the parameters of the map. Because a map can contain up to 500 nodes, define a scope that stays within this range. You can narrow the scope by filtering devices by type as well as by various device, alert, and vulnerability attributes. This filtering behaves much like the query builder.Device Grouping: Review the device grouping of the map. You can edit the grouping method here and while viewing a saved map.
- Click Confirm.The map immediately becomes available to view on the Networks Visualization page.
Purdue Levels Manually reassign devices individually if necessary.After setting up the filters and letting the rules automatically assign devices to Purdue levels, periodically do spot checks of important devices to make sure they are assigned to the correct Purdue level on the visualization map. If any device isn't properly assigned, note its IP and MAC address to look it up by device ID in the IoT Security inventory. Then manually reassign it to the right level on its Device Details page.