Endpoints menu¶
The Endpoints menu group of the Plixer Endpoint Analytics web interface allows the user to toggle between a wide range of sorting and viewing options in order to quickly look up profiles, profile groups, and other vital endpoint data.
Clicking on a link in any of the views will either drill down into the category or, in the case of MAC and IP addresses, open the Endpoint Summary page for that endpoint.
Note
In the main page of each view, groupings (profiles, profile groups, MAC vendors, etc.) that do not contain any discovered endpoints will not be displayed.
Directory¶
The Directory view lists all currently enabled profiles that have at least one endpoint, along with their profile groups and the number of endpoints that have been assigned that profile. The table also includes a Not Profiled category for endpoints that have been discovered but have not yet been assigned a profile.
To view the endpoints under a profile as well as additional details about them, click on the profile name on the main Endpoints Directory page.
By Network Device¶
The By Network Device view lists all network infrastructure device (NID) groups and the number of endpoints associated with each one. Clicking on a group name will bring up a table of all network devices in that group as well as their IP addresses.
From there, click on the IP address of an NID to view a list of all endpoints connected to the device, sorted by port number.
The Query Now button on this page will trigger an immediate SNMP poll and update the Plixer Endpoint Analytics database with the latest device data.
By Profile Group¶
The By Profile Group view lists all profile groups and the number of endpoints that have been assigned profiles within each group.
To view a table of all profiles and endpoints under a group, click on the profile group name.
By MAC Vendor¶
The By MAC Vendor view lists all MAC Vendor names and the number of endpoints registered with each MAC Vendor ID (OUI).
To view all endpoints with the same OUI, click on the MAC Vendor name in the list.
By Computer OS¶
The By Computer OS view lists all operating systems (OSs) currently used by discovered devices and the number of endpoints using each OS.
To view all endpoints using a specific OS, click click on the OS name in the list.
By Computer Domain Names¶
The By Computer Domain Name view lists all domain names used by discovered endpoints and the number of endpoints that belong to each domain.
To view all endpoints belonging to a specific domain, click on the domain name in the list.
By Custom Data¶
The By Custom Data view lists all custom data objects that have been attached to endpoints and the number of endpoints associated with each one.
To view all endpoints with the same custom data object attached, click on the custom data string in the list.
By RADIUS User Names¶
The By RADIUS User Name view lists all RADIUS usernames used for authentication with discovered endpoints.
To view all endpoints tied to a specific RADIUS username, click on the name in the list.
Risk¶
The Risk view lists all endpoints, along with their assigned profiles and a breakdown of individual risk scores by assessment tool/service.
Note
A -
in one of the risk columns for an endpoint indicates that no risk data is available for that source.
By VLAN¶
The By VLAN view lists all NID groups and the number of VLANs under each group. Clicking on an NID group name will bring up a table of the VLANs belonging to the group and the number of profiles associated with each one.
To view a list of profiles associated with a specific VLAN, click on the VLAN name in the list.
Network Topology¶
The Network Topology view displays a graphical representation of the network as discovered by Plixer Endpoint Analytics. The main page displays all NID groups containing devices with connected endpoints as well as an Ungrouped category for devices that have not been assigned to any NID groups. From there, the different elements of the visualization can be used to drill down and view the NIDs in each group and the endpoints connected to each one.
Hint
NIDs that have been polled recently will be displayed in green, while those that have been unreachable since they were added will be displayed in red.
IP-Only Endpoints¶
The IP-Only view lists all profiles assigned to endpoints that have not yet been mapped to their corresponding MAC addresses. The main table can be filtered by subnet group (requires the subnet groups to have been previously added).
From the main table, clicking on a profile name will display a page with all IP-only endpoints under that profile, where clicking on an individual IP address will bring up the Endpoint Summary Page.
Retired¶
The Retired Endpoints view lists all profiles assigned to endpoints that have been inactive for the configured endpoint timeout setting and flagged as retired.
Hint
For additional information about retired endpoints and the endpoint timeout setting, see the data processing section of the Plixer Endpoint Analytics configuration guides.
From the main table, clicking on a profile name will display all retired endpoints under that profile, along with their last known IP, profile match score, last location, and the date they were retired.
Unconnected Ports View¶
The Unconnected Ports View option displays a list of all device ports that have been reported as being down during the most recent SNMP poll sorted by the NIDs they’re attached to.
Clicking on either the name or IP address of an NID will open the Edit Network Device page.
View Endpoint Events¶
The View Endpoint Events option displays a history of all Events triggered by endpoints discovered by Plixer Endpoint Analytics. An event’s details and management options will be accessible from this page until it is manually cleared from the system or automatically removed due to the event history setting.
To manually clear events from the system, tick the corresponding checkboxes in the first column of the table, and then click the Delete Selected button. Individual endpoints can also be cleared from their Endpoint Summary page.