New Features and Enhancements
The vulnerability, posture, and risk score features are deprecated in ClearPass Device Insight.
The following new features are introduced in ClearPass Device Insight:
Auto Discover Switches
Auto discover switches is a method by which ClearPass Device Insight automatically discovers switches in a segment. Automatic discovery of switches is independent of any augmentation method. For more information, see Auto Discover Switches.
The following new features and enhancements were introduced in ClearPass Device Insight:
- Ability to Classify Devices Using MDM Attributes
- Support for Bulk Actions in the All NADs Page
- TCP-based Clustering
- Label Seeding
Ability to Classify Devices Using MDM Attributes
With this release, ClearPass Device Insight introduces the capability to classify devices using Mobile Device Management (MDM Mobile Device Management. MDM is an administrative software to manage, monitor, and secure mobile devices of the employees in a network. ) attributes. ClearPass Device Insight gives precedence to MDM attributes while classifying devices. For example, if a device has both DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. attributes and MDM attributes, ClearPass Device Insight gives precedence to MDM attributes. MDM attributes are displayed in the > > card.
The following MDM attributes are displayed:
- —MDM server name.
- —Manufacturer of the device.
- —Model of the device.
- —Operating system of the device.
- —Type of MDM server.
For more information, see Classified Devices - Device Details Overview.
Support for Bulk Actions in the All NADs Page
You can now perform bulk changes in the
page. The menu is located in the upper right hand corner above the grid:
The menu has the following options that enable different bulk actions to be performed against the NADs that are displayed in the grid:
- —Opens the dialog where you can update the collector associated to all the NADs that are displayed in the grid.
- —Opens the dialog where you can update the polling frequency for all the NADs that are displayed in the grid.
- —Opens the dialog where you can update the status for all the NADs that are displayed in the grid.
- —Opens the dialog where you can delete all the NADs that are displayed in the grid from polling.
For more information, see the following topics:
TCP-based Clustering
With this release, ClearPass Device Insight introduces TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. -based clustering. If a device cannot be assigned a device cluster A device cluster is a logical group of devices having similar properties. using LDA-based clustering, an additional TCP fingerprint classifier is run based on the availability of TCP fingerprint data for the device. If it can, device clusters are formed based on similar TCP fingerprints of generic devices Generic devices are unknown devices which cannot be classified using any of the system or user defined classification criteria. Generic devices do not contain enough fingerprint data to classify them. Generic devices are grouped into device clusters by similar properties and can then be classified by the user either by assigning a classification set to the device cluster or creating a user defined rule. within the device cluster. Devices with or without MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address are considered for TCP fingerprint clustering. This process also provides classification recommendations and they are based on the percentages of the Random Forest class assignments to the generic devices.
Auto classification is not available for TCP fingerprint device clusters. You can view these device clusters on the
page.Using the
dialog you can manage the classification details for a specific cluster. The classification recommendations are displayed on the dialog. If a device cluster is based on TCP fingerprint clustering, the following message is displayed below :Recommendations based on similar TCP fingerprints within this cluster of generic devices.
For more information, see About Generic Devices Page.
Label Seeding
With this release, ClearPass Device Insight introduces label seeding. If sufficient data is not available to assign a device to a cluster, ClearPass Device Insight leverages device data (seed data) from other tenants (customers) to assign the device to a cluster.
If a device cluster is based on LDA clustering, but also includes seed data from the other tenants, the following message is displayed below
:Recommendations based on [XXX (quantity of devices)] similar and augmented classified devices.
For more information, see About Generic Devices Page.
The following new features and enhancements were introduced in ClearPass Device Insight:
- Ability to Classify Devices Using MDM Attributes
- Machine Learning Clustering
- Redesigned Device Details User Interface
Ability to Delete Attributes for an Individual Device
Previously, we provided the capability to delete device attributes for multiple devices at one time. Now with this feature, you can delete the device attributes for an individual device. You can delete all device attributes (static attributes and flow attributes) or just the flow attributes for an individual device. A
button has been added to the dialog of the page, page, and page.To use this feature, perform the following:
- Go to one of the following:
- Select the tab to view the specific devices represented in the dashboard.
- Hover over the device in the grid in which you want to delete the attributes and click the
The
dialog opens displaying additional details for the device in the tab. The attributes for the device are displayed in the card and the card in the tab. The button is displayed In the upper right hand corner of the card.
icon or click the address. - Click
The
dialog opens displaying an button and a button.
in the card. - Delete the attributes for the device by performing one of the following:
- Click to delete all attributes for the device.
- Click to delete only the flow attributes for the device.
- Click
For more information, see Deleting Device Attributes.
Machine Learning Clustering
With this release, ClearPass Device Insight introduces machine learning clustering. This feature replaces similarity-based clustering for the creation of generic device clusters. Machine learning clustering clusters generic devices with classified devices that have similar attributes. The different device attributes for these devices including communication and behavior patterns are extracted for each of these devices. Latent Dirichlet Allocation (LDA) topic modeling is then run against this device data. Machine learning clustering then generates device clusters for the generic devices in the cluster using Eucledian distance. These device clusters are displayed on the page.
In addition, the clusters now provide recommendations of possible classifications to help you easily classify the generic devices. These recommendations are available on the
dialog and depend on the devices that formed the cluster. If recommendations are not provided, you can enter a custom classification. Classification recommendations were not provided with similarity-based clustering.Finally, similarity-based clustering enabled you to create user defined rules A rule is a user defined classification set used by the system to classify unknown (generic) devices or reclassify devices. Rule classification overrides system classification. using the device attributes from the cluster as a template. Machine learning clustering does not enable you to create user defined rules from the clusters.
For more information, see Classifying Generic Devices and Reclassifying Devices.
Redesigned Device Details User Interface
The
dialog has been redesigned. The existing dialog and the dialog were combined into one newly designed dialog that contains all of the device details for a device. This newly designed dialog contains multiple tabs ( and ) and has a different look and feel than the old one. Now you can easily view the device details for a device in one place.Plus, this dialog now opens when you perform a global search for a device using the global search functionality.
Figure 1 Example of the New Device Details Dialog (Partial)
For more information, see Classified Devices - Device Details Overview and Searching for Devices Using Global Search.
The following new features and enhancements were introduced in ClearPass Device Insight:
Bulk Deletion of Device Attributes
You can now delete all device attributes or just flow attributes (Application ID, Application Group, Destination Connections, Destination Hosts, and Ports) from devices. A new
menu with a option has been added to the view of the page, page, and page.To use this feature, perform the following:
- Go to one of the following:
- Select the tab to view the specific devices represented in the dashboard.
- (Optional) Filter the devices that display in the view.
- Click the down arrow in the
The
dialog opens displaying an button and a button.
menu and select - Delete the attributes for the devices by performing one of the following:
- Click to delete all attributes for the devices displayed in the view including the flow attributes.
- Click to delete only the flow attributes for the devices displayed in the view.
- Click
The attributes are deleted from the devices. Device reclassification may occur.
For more information, see Deleting Device Attributes.
Polling of Network Access Devices Without the Need for Span Port
ClearPass Device Insight now provides the capability to poll network access devices (NADs) to discover devices on the network.
The NADs to be polled are managed using the new NAD Network Access Device. NAD is a device that automatically connects the user to the preferred network, for example, an AP or an Ethernet switch. and enter the polling frequency for a NAD. Any NADs discovered during a network discovery scan are automatically displayed on the page. You can also enter new NADs to be polled that were not discovered during a network discovery scan using the new page. After you add a NAD using the page, it is displayed on the page where it can be managed.
page. Using the page you can enable or disable the polling of aAny devices that are discovered during the polling of a NAD are displayed on the
page, page, or page.To use this feature, perform the following:
- Go to
The
page opens displaying all of the NADs available to be polled. If a network discovery scan has been run, any NADs discovered during the scan are automatically displayed on this page. For these NADs, is displayed in the field, is displayed by default in the field, and these NADs are not enabled for polling by default ( field is set to ). - Enable a NAD for polling by performing the following:
- Hover over the NAD row in the grid and click the icon located in the column.
- (Optional) Modify the frequency.
- Click the check box to enable the NAD for polling or clear the check box to disable the NAD for polling.
- Click
- Click
- Add additional NADs by performing the following:
- Go to
- Enter information ( and ) for the new NAD.
- Click the check box to enable the NAD for polling.
- Click
- Click
This NAD is displayed in the
page. For this NAD, the individual's email that created the NAD is displayed in the field.For more information, see Managing Network Access Devices.
The following new features and enhancements were introduced in ClearPass Device Insight:
- View Active Scans
- Create User Defined Rules From Scratch
- New User Interface or User Experience Enhancements
View Active Scans
You can now view the scans that are active for each collector or segment. To use this feature, go to the following:
- and select the new tab within a collector card. The name of the scans that are active are displayed along with the date and time that the scans started.
- and select the new tab within a segment card. The name of the scans that are active are displayed along with the date and time that the scans started.
Create User Defined Rules From Scratch
The user defined rule functionality was enhanced. You can now create a user defined rule from scratch from the
To use this feature, go to and click the action button. The dialog opens giving you the capability to create a rule from scratch.New User Interface or User Experience Enhancements
Several new user interface or user experience enhancements were introduced. They are:
- When adding a filter, you can now add and configure additional fields besides those associated with the specific device. The icon was added to the dialog. When you click this icon, a dialog box opens where you can select the additional fields you wish to configure for the filter. The dialog is accessed by clicking the button from the dialog.
- You can now view the collector that discovered a specific device by using the new
The
column is available in the view, view, and view.
field or column. The field is available on the dialog and the page. - You can no longer schedule subnet Subnet is the logical division of an IP network. scans from the page. The card has been removed from this page. All scans are now scheduled using the page.
This does not impact any existing functionality as all scans scheduled at the segment level have been duplicated at the collector level.
- You can now view when the device attributes were last updated for a device in the card of the page. In the heading of the card, the date and time the attributes were last updated is now displayed.
- You can now view the change history for several more device attributes within the
- The data retention period has been changed for the data records that are displayed in the ClearPass Device Insight now retains the records that are displayed in these cards for two weeks. card and the card of the page.
The following new features and enhancements were introduced in ClearPass Device Insight:
- ClearPass Policy Manager Integration
- Reporting Enhancements
- New User Interface or User Experience Enhancements
ClearPass Policy Manager Integration
ClearPass Device Insight can now seamlessly integrate with ClearPass Policy Manager ClearPass Policy Manager is a baseline platform for policy management, AAA, profiling, network access control, and reporting. With ClearPass Policy Manager, the network administrators can configure and manage secure network access that accommodates requirements across multiple locations and multivendor networks, regardless of device ownership and connection method. where appropriate access control enforcement policies or quarantines can automatically be applied to the spectrum of devices discovered by ClearPass Device Insight.
After the integration between ClearPass Device Insight and ClearPass Policy Manager has been enabled, device information is exchanged between the two applications. Devices that are discovered on the network and classified by ClearPass Device Insight are passed to ClearPass Policy Manager for comprehensive policy control and real-time enforcement. At the same time, information related to those devices that is within ClearPass Policy Manager is sent to ClearPass Device Insight.
You can view all of the devices that are on the network using the ClearPass Device Insight. Using the dialog in ClearPass Device Insight you have a comprehensive view of a specific device and all of its attributes (including those sent from ClearPass Policy Manager).
page, page, and page inFor more information about the integration between ClearPass Device Insight and ClearPass Policy Manager, see ClearPass Policy Manager 6.8 User Guide.
The following user interface changes were made in ClearPass Device Insight for this feature:
- The dialog has been enhanced. You will now be able to filter devices by additional attributes provided by ClearPass Policy Manager.
- The ClearPass Device Insight in collector cards on the page. For these types of cards, the following information is displayed:
- ClearPass Policy Manager instance name.
- When the ClearPass Policy Manager instance was lasted edited.
- Status of the ClearPass Policy Manager instance.
- ClearPass Policy Manager instance integration status whether it is enabled or disabled.
For a ClearPass Policy Manager instance, the card only contains a
tab and does not contain a tab or tab. The tab, displays the IP address of the ClearPass Policy Manager instance and the ClearPass Policy Manager version.You cannot edit this collector card and you cannot disable or enable the integration with ClearPass Policy Manager using this card. Enabling or disabling the integration between ClearPass Device Insight and ClearPass Policy Manager is performed in ClearPass Policy Manager on the Device Insight Integration page.
page will now display the ClearPass Policy Manager instances that are registered for integration with
Reporting Enhancements
The reporting functionality was enhanced. You can now create reports from the
page (Dashboard and List view), page (Dashboard and List view) and page (Dashboard and List view) and then manage all of the reports that are created using the page and its associated dialogs.You create reports using the
dialog accessed from the page, page, or page by clicking the action button. You can schedule reports to run at a frequency of your choosing and you can send these reports to the email addresses of one or more individuals.After the reports are created, using the
page and its associated dialogs you can easily manage the reports. From the page you can:- Edit report configuration options.
- Clone a report.
- Delete a report.
- Download or delete a specific run of a report.
To use this feature:
- Go to one of the following:
- Display information in the or view of the page, page, or page using the display options.
- Click the
The
dialog opens.
action button. - Create the report by selecting the report configuration options and save.
- Go to
The
page appears displaying all of the different reports that you have created. Each report is displayed in an individual card on the page. - Manage the reports by performing one or more of the following:
- Select the tab and download or delete a specific run of the report.
- Click the icon to open the dialog. Use the dialog to edit the report configuration options.
- Click the icon to open the dialog. Use the dialog to clone a report.
- Click the icon to delete the report.
New User Interface or User Experience Enhancements
Several new user interface or user experience enhancements were introduced. They are:
The
operator is now available to be selected when creating a rule on the dialog or when editing a rule on the dialog.The operator associated with each property for a rule is now displayed next to each property on the
dialog.When viewing the device details for a device using global search, a
field and a icon have been added to the card of the page. The field enables you to select the number of destination hosts to show in the sankey chart for each application or protocol. Options are:
The
icon enables you to render the sankey chart in a full screen view.action button has been replaced by the action button on the of the page, page, and page. Using the new Create Report functionality you have the option to immediately export a Dashboard to a PDF file. action button has been replaced by the action button on the view of the page, page, and page. Using the new Create Report functionality you have the option to immediately export a List view to a comma separated file (
Synthetic
addresses for devices are now displayed as on the view of the page, page, and page.The following new features and enhancements were introduced in ClearPass Device Insight:
- Upload List of Subnets to a Segment From a File
- Ability to Classify Devices Using MDM Attributes
- New User Interface or User Experience Enhancements
Upload List of Subnets to a Segment From a File
The
page has been enhanced so that when you are creating or editing a segment you can add subnets to the segment by uploading them from a comma separated value (CSV) file that contains a list of the subnets. An icon was added to the right of the card.To use this feature, go to
Enter the name and description for the segment then click the button. Hover over the card and click the icon to the right of the card.Ability to Add Tags Based on WMI or SSH Log Ins
To assist with identifying which devices are corporate-owned versus employee-owned, a new SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. ) or Windows Management Instrumentation (WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.) log in was successful or not for a device. is displayed for the attribute if SSH log in was successful or if WMI log in was successful. If the attribute is displayed for a device that indicates the device is corporate-owned. Otherwise, the device is considered employee-owned. Existing tag and filter functionality is extended to this new attribute and you can use this attribute to correctly identify devices. You can view the attribute for a device on the dialog or on the page if performing a global search for a device.
device attribute is now collected for a device if Secure Shell (To use this feature, perform one of the following:
- Go to Hover over a device and click the icon. Select the tab.
- Go to global ClearPass Device Insight user interface) and search for a device. (click the icon at the top of the
New User Interface or User Experience Enhancements
Several new user interface or user experience enhancements were introduced. They are:
- Device count is now displayed beside the Tag Name in the dialog.
- Sort capability has been added to the columns in the grid on the
- An button has been added above the grid on the and that opens a column selector dialog. This dialog lists all of the columns available to be displayed in the grid. Using this dialog you can add and remove the columns that display in the grid.
- The card in the page has been enhanced to also display the classification information for a device classified by a system rule. The title of the card has been changed from to and a new value of has been added to the field.
- The field has been added to the card in the page enabling you to filter the traffic flow data by a specific protocol.
- The term cluster has been changed to device cluster in several places on the ClearPass Device Insight user interface. For example, on the page the following changes have been made:
- In the card, the field label has been changed to
- The title of the card has been changed to