Endpoint Summary page

The Endpoint Summary page contains all current and historical information about each endpoint discovered by Plixer Endpoint Analytics and can be accessed from any view or page in the web interface that contains links to an endpoint’s MAC or IP address.

The page also allows the user to manually clear or delete the endpoint from the Plixer Endpoint Analytics database or add custom data objects using the buttons near the bottom of the page.

The Endpoint Summary page is divided into the following tabs:

Endpoint Summary

The main tab contains a high-level overview of all endpoint details, including:

  • Profile Match score for the currently assigned Profile

  • Risk Level

  • VLAN information extracted from RADIUS accounting data

  • Any custom data objects associated with the endpoint

The Show Other Profiles link will display all other Profiles that were considered by the Endpoint Profiling Engine but not used due to lower Profile Match scores.

Hint

If Microsoft Defender integration has been configured, the main Endpoint Summary tab will also include a link to the Microsoft Defender overview for the endpoint as well as additional buttons to scan, isolate, or unisolate the device.

Note

Endpoints connected via a Cisco hybrid wireless access point will be labeled as such under their Current Location details. When inspecting device ports, this will be displayed in the Wireless Endpoint View tab.

Risk

The Risk tab contains of a summary of all risk information for the endpoint, with subtabs for individual risk assessment tool reports.

Profile Data

The Profile Data tab contains additional Profile-related details for the endpoint and is further divided into seven subtabs for the following information:

  • DHCP - DHCP lease requests and response data observed by the system

  • Active Directory - Microsoft AD data items (only available if the system has been configured to collect data from AD servers on the network and AD information has been linked to the endpoint)

  • RADIUS - any RADIUS accounting information forwarded from RADIUS clients on the network (if configured)

  • Software - information collected if open port, user agent, web and SMTP server banner, and/or web URL data have been captured

  • Traffic - endpoint communications that have matched configured traffic Profile rules

  • Healthcare - healthcare-specific device data associated with the endpoint

  • Miscellaneous - network stack information collected for the endpoint

Endpoint Events

The Endpoint Events lists all Events triggered by the endpoint throughout its migration between Profiles assignments, as well as additional details for each Event. For more information on Events in Plixer Endpoint Analytics, see the subsection on configuring Events.

MAC History

The MAC History tab contains all historical data tied to the MAC address of the endpoint, divided into three subtabs: MAC History by Port (lists the network device ports the endpoint has been connected to), MAC History by IP (lists all IP addresses used by the endpoint), and MAC History by Profile (lists all Profiles that have been assigned to the endpoint)

IP History

The IP History tab contains all historical data tied to the current IP address of the endpoint, divided into two subtabs: IP History by MAC (lists all MAC addresses that have used the current IP address) and IP History by Profile (lists all Profiles that have been assigned to endpoints using the current IP address)

Note

The period of time covered by the MAC and IP history data for an endpoint can be adjusted by changing the Historical Limit setting. For more information and instructions, see the data processing section of the Plixer Endpoint Analytics configuration guides.