Change a device role

The ExtraHop system automatically discovers and classifies devices on your network. You can search for devices by their observed IP address, hostname, activity, or MAC address. Based on the type of traffic and protocol activity associated with a device, the ExtraHop system can automatically assign a role to a device, such as database or file server, to classify device behavior. You can change a device role at anytime.

Note:Learn about device role icons.
  1. Log into the Web UI on the Discover or Command appliance.
  2. Find a device and then click the device name.
    A protocol page appears, which displays traffic and protocol activity for the selected device.
  3. Click Overview in the left pane below the device name.
  4. In the Manage Device section in the upper right corner of the page, click Properties.
  5. In the Device Role section, click the drop-down list and then click one of the following roles:

    Auto: Click to make sure that the ExtraHop system automatically assigns a role for a device. The role that the ExtraHop system identified for the device appears in parentheses.

    Gateway: Assign to a device that acts a router or gateway. The ExtraHop system automatically assigns the gateway role to an L2 device with a large amount of unique IP addresses (past a certain threshold) are associated with that device. Gateway device names include the router name (for example, “Cisco B1B500”). Unlike other L2 parent device, you can add a gateway device to the watchlist for Advanced Analysis.

    Database: Assign to a device that hosts a database instance.

    File Server: Assign to a device that responds to read and write requests for files over NFS and CIFS/SMB protocols.

    Web Server: Assign to a device that hosts web resources and responds to HTTP requests.

    Load Balancer: Assign to a device that acts as a reverse proxy for distributing traffic across multiple servers. The ExtraHop system does not automatically assign the Load balancer role to a device.

    Firewall: Assign to a device that monitors incoming and outgoing network traffic and blocks traffic according to security rules. The ExtraHop system does not automatically assign the Firewall role to a device.

    Vulnerability Scanner: Assign to a device that runs vulnerability scanner programs.

    Default: Assign to a device when the device's activity does not clearly identify a single role.

  6. Click Save.
Published 2021-04-07 20:06