What is the best approach to classify devices when one OID is associated with two different network

Vini
Giga Guru

‎07-16-2025 07:53 AM

Hi,

 

We have IDS (Intrusion Detection System) devices with a specific OID; however, these devices are being discovered as Cisco Firewalls. Upon cross-verifying, I noticed that some valid Cisco Firewalls are also being discovered with the same OID.

I’m trying to create a classifier specifically for our IDS devices. All of our IDS device names contain the string “ids,” and I’ve added a condition in the classifier as [sysName contains "ids"], but the Cisco classifier still seems to be taking precedence.

How can I resolve this issue and ensure the correct classification for our IDS devices? Please advise.

 

 

Regards,
Vini

Labels:
  • 593 Views
6 REPLIES 6

srinija_itom
Tera Guru

‎07-16-2025 09:13 AM

Hi @Vini , 

 

May be try adding a new filter to cisco firewall classifier sysname doesn't contain "ids" as shown in below screenshot that way cisco firewall classifier will fail with the filter condition and your custom SNMP classifier gets executed. 

 

srinija_itom_0-1752682343008.png

 

 

Regards, 

 

Srinija

0 Helpfuls

Mannapuram
Tera Guru

‎07-16-2025 02:09 PM

You can turn the Cisco Firewall OID entries Active flag to false and re-run discovery. If that doesn't work, please provide a sample IDS value to debug further. 

0 Helpfuls

Vini
Giga Guru

‎07-22-2025 08:58 AM

Hi @srinija_itom , @Mannapuram ,

 

From my testing, I’ve observed that once the OID matches, it doesn’t check for the next level conditions in the Classifier. Internally, the condition behaves as "OR" rather than "AND."

If the same OID is present on two different devices, Discovery cannot classify them into separate devices. This is not feasible. I’ve cross-checked with my N/W team, and they mentioned that the IDS serves two functions: it acts both as a Detection System and as a Firewall.

A possible solution would be to check with the Network Team to see if they can configure different OIDs on the IDS devices.

Note: We can't enforce the condition at the Pattern level based on naming conditions because the pattern initiates at the class level. When creating CIs in a different class, it cannot reference the identifiers. I may be mistaken, but this did not work in my case.

 

Regards,

Vinil Reddy.

0 Helpfuls

srinija_itom
Tera Guru
In response to Vini

‎07-22-2025 09:05 AM

Hi @Vini

 

thanks for letting us know. Modifying the OiD isn’t feasible option as well because most of the OID’s come from the Manufacturer MIB Files. 

regards, 

 

srinija