Endpoint identity attributes
The following table lists all identity attributes used by Plixer Endpoint Analytics’ endpoint profiling engine to compare against profile rules for endpoint classification:
Note
In the web interface, an endpoint’s profile match score indicates the relative degree of certainty that the endpoint has been assigned the correct profile. The profile match score is also used by Plixer Endpoint Analytics to determine if and when an endpoint should be moved out of and/or into a new profile assignment.

| Attribute | Description | IP-learned only? |
|---|---|---|
| Active Directory | Endpoint data maintained in Active Directory (domain membership, AD computer name, OS, OS version, service pack, AD domain name) | No |
| Custom data | User-defined attributes | No |
| DHCP client FQDN | Fully qualified domain name included in the DHCP request | No |
| DHCP client vendor | Unique vendor class identifier included in the DHCP request | No |
| DHCP hostname | Hostname included in the DHCP request | No |
| DHCP requested options | Additional options requested in the DHCP request (Option 55/81) | No |
| DHCP options | Full list of DHCP options supported by the client included in the DHCP request | No |
| DNS name | DNS name the IP address resolves to via reverse lookup | Yes |
| Discovery protocol | Data in the LLDP/CDP message that identifies the device to upstream neighbors | No |
| IP address | Full host (or subnet) address being used by the endpoint | No |
| MAC address/vendor | Full MAC address of the endpoint or OUI of the device manufacturer | No |
| RADIUS accounting data | RADIUS username of the endpoint (successful RADIUS authentication required) | No |
| Server banner | Contents of web/SMTP server banner returned by the endpoint to connecting clients | Yes |
| SNMP system description | Contents of SNMP system description collected from devices polled | No |
| Stack information | TCP stack parameters observed by Plixer Endpoint Analytics when the endpoint opens a TCP connection with another endpoint (TTL, window size, TCP options list) | Yes |
| Open TCP ports | TCP ports observed to be accepting after traffic analysis | Yes |
| Network traffic | Characteristics observed in communications with other hosts on a specific UDP/TCP port | Yes |
| Web URL | URL visited via HTTP | Yes |
| Web user agent | HTTP user agent string obtained through a browser | Yes |
| Dicom association (healthcare) | Medical imaging-specific attributes | No |
| Device identifier (healthcare) | Attributes linked to medical device hardware details | No |
| Make and model (healthcare) | Attributes linked to medical device identifier details | No |