Endpoint Summary page
The Endpoint Summary page contains all current and historical information about each endpoint discovered by Plixer Endpoint Analytics. It can be accessed from any view or page in the web interface that contains links to an endpoint’s MAC or IP address.
This page also allows the user to manually clear or delete the endpoint from the Plixer Endpoint Analytics database or add custom data objects using the buttons near the bottom of the page.
The Endpoint Summary page is divided into the following tabs:
Endpoint Summary
The main tab contains a high-level overview of all endpoint details, including:
Profile match score for the currently assigned profile
Risk level
VLAN information extracted from RADIUS accounting data
Any custom data objects associated with the endpoint
The Show Other Profiles link will display all other profiles that were considered by the Endpoint Profiling Engine but not used due to lower profile match scores.
Hint
If Microsoft Defender integration has been configured, the main Endpoint Summary tab will also include a link to the Microsoft Defender overview for the endpoint as well as additional buttons to scan, isolate, or unisolate the device.
Note
Endpoints connected via a Cisco hybrid wireless access point will be labeled as such under their Current Location details. When inspecting device ports, this will be displayed in the Wireless Endpoint View tab.
Risk
The Risk tab contains a summary of all risk information for the endpoint, with subtabs for individual risk assessment tool reports.
Profile Data
The Profile Data tab contains additional profile-related details for the endpoint and is further divided into seven subtabs for the following information:
DHCP - DHCP lease requests and response data observed by the system
Active Directory - Microsoft AD data items (only available if the system has been configured to collect data from AD servers on the network and AD information has been linked to the endpoint)
RADIUS - Any RADIUS accounting information forwarded from RADIUS clients on the network (if configured)
Software - Information collected if open port, user agent, web and SMTP server banner, and/or web URL data have been captured
Traffic - Endpoint communications that have matched configured traffic profile rules
Healthcare - Healthcare-specific device data associated with the endpoint
Miscellaneous - Network stack information collected for the endpoint
Endpoint Events
The Endpoint Events tab lists all events triggered by the endpoint throughout its migration between profile assignments, as well as additional details for each event. For more information on events in Plixer Endpoint Analytics, see the subsection on configuring events.
MAC History
The MAC History tab contains all historical data tied to the MAC address of the endpoint, divided into three subtabs:
MAC History by Port - Lists the network device ports the endpoint has been connected to
MAC History by IP - Lists all IP addresses used by the endpoint
MAC History by Profile - Lists all profiles that have been assigned to the endpoint
IP History
The IP History tab contains all historical data tied to the current IP address of the endpoint, divided into two subtabs:
IP History by MAC - Lists all MAC addresses that have used the current IP address
IP History by Profile - Lists all profiles that have been assigned to endpoints using the current IP address
Note
The period of time covered by the MAC and IP history data for an endpoint can be adjusted by changing the Historical Limit setting. For more information and instructions, see the data processing section of the Plixer Endpoint Analytics configuration guides.