Configuring IPAM Attributes
Overview
The IPAM Security Policy App (ISPA) uses attributes to populate subnets and to implement hierarchies. ISPA uses parent attributes exclusively to build the hierarchy and child attributes to populate subnets into zones.
For each IPAM solution, you can define how often the synchronization is repeated, on what days of the week and times it should be performed, and which subnets should be mapped to which SecureTrack zone. The mapping itself is achieved through attributes that are defined for each subnet in the IPAM solution. Each IPAM defines these attributes differently.
Only SecureTrack users with Super Administrator permissions can schedule synchronizations with IPAMs.
Configure IPAM Attributes
You configure IPAM attributes in the Sync menu.
- Click Configure Attributes.
The Attributes List shows attributes that are mapped to SecureTrack zones and hierarchies.
- From the Actions list, click Instructions for vendor-specific guidance on typical attributes that you can map in the IPAM.
Here is an example of an Instructions box:
- From the Actions list, click Add.
There are two types of attributes: Zone and Domain.
Define a Zone
- For the Attribute Name, type the name and define the Zone.
The Any zone populates zones based on all values across all predefined attributes in which subnets were found. If the zone is not specified by the IPAM, ISPA creates a zone called Unassociated Networks in SecureTrack for each IPAM. Subnets that do not belong to a specific zone are assigned to the Unassociated Networks zone. To prevent this assignment, it is recommended to assign attributes to a specific zone or hierarchy.
- Define the Hierarchy
ISPA builds zones and zone hierarchies from IPAM data. You can define the zone as a parent, or add a sublevel as a child, as deep as you need to reflect the network hierarchy. The zones in a hierarchy must belong to the same domain.
The Parent attribute is used only to establish hierarchy relationships. When mapping information from the IPAM, ISPA does not use the Parent attribute to populate the subnet in the zone. ISPA uses zones that are defined as Child zones to populate subnets.
Changes to zone definitions appear in SecureTrack after a sync.
- Click Save.
You can view the Zone Hierarchy in SecureTrack under Network > Zones.
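The following added example (not ISPA code and not part of the original documentation) models the parent/child rules described above, so you can preview from an IPAM export which subnets would land in Unassociated Networks before a sync. The attribute names Region and Site, the sample rows, and the rule that a subnet with only a parent value falls back to Unassociated Networks are assumptions of this model.

```python
import ipaddress
from collections import defaultdict

UNASSOCIATED = "Unassociated Networks"  # fallback zone name used on this page

# Constructed sample export; "Region" and "Site" are hypothetical attribute names.
SAMPLE_ROWS = [
    {"cidr": "10.1.0.0/24", "Region": "EMEA", "Site": "London-DC"},
    {"cidr": "10.1.1.0/24", "Region": "EMEA", "Site": "Paris-DC"},
    {"cidr": "10.2.0.0/24", "Region": "AMER", "Site": ""},  # parent value only
    {"cidr": "192.168.5.0/24"},                             # no attributes
    {"cidr": "10.3.0.1/24", "Region": "APAC", "Site": "Tokyo-DC"},  # host bits set
]

def map_subnets(rows, parent_attr, child_attr):
    """Model the zone mapping: returns (zones, hierarchy, invalid).

    zones: zone name -> list of subnets populated into it (child values only)
    hierarchy: parent zone name -> set of child zone names
    invalid: CIDR strings that are not valid network addresses
    """
    zones, hierarchy, invalid = defaultdict(list), defaultdict(set), []
    for row in rows:
        try:
            net = ipaddress.ip_network(row["cidr"], strict=True)
        except ValueError:
            invalid.append(row["cidr"])
            continue
        child = (row.get(child_attr) or "").strip()
        parent = (row.get(parent_attr) or "").strip()
        if not child:
            # Assumption: a parent value alone never places a subnet in a zone,
            # so the subnet falls back to the Unassociated Networks zone.
            zones[UNASSOCIATED].append(str(net))
            continue
        zones[child].append(str(net))
        if parent:
            hierarchy[parent].add(child)  # parent only links zones together
    return dict(zones), dict(hierarchy), invalid

if __name__ == "__main__":
    zones, hierarchy, invalid = map_subnets(SAMPLE_ROWS, "Region", "Site")
    for name, nets in sorted(zones.items()):
        print(f"{name}: {', '.join(nets)}")
    print("hierarchy:", {p: sorted(c) for p, c in hierarchy.items()})
    print("rejected:", invalid)
```

Subnets reported under Unassociated Networks are the ones to fix in the IPAM by giving them a child attribute value before the next scheduled sync.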
Define a Domain
Use this option to map the subnet attributes to a SecureTrack domain (in a multi-domain environment).
- For the Attribute Name, type the name and select the Domain Attribute Type.
If you are mapping to more than one domain, you will also need to define a domain attribute to associate subnets and zones to domains.
In this example, ISPA uses the ST_DOMAIN attribute to associate subnets and zones to the domains.
- Click Save.