When integrated with Aruba ClearPass, Device Security provides it with accurate IoT device identities and notifies it whenever a security threat arises and device behavior veers from what is expected and safe. Device Security does this by discovering IoT devices on the network, identifying and profiling them, and then reporting them through Cortex XSOAR and an on-premises XSOAR engine to your ClearPass system. Device Security also checks for security risks and anomalous behavior, and when it discovers any, it sends alerts to ClearPass for automated policy enforcement.

Device Security populates custom endpoint attributes on your ClearPass instance with device data. ClearPass then uses this data in NAC (network access control) policies to segment endpoints into VLANs for reduced risk exposure. In addition, with just a couple of clicks from the Device Security portal, you can manually quarantine compromised devices identified by Device Security alerts and later remove them from quarantine.

Make sure your XSOAR engine can form an HTTPS connection to your ClearPass instance on TCP port 443.

Integrating with Aruba ClearPass requires either a full-featured Cortex XSOAR server or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for this. The advanced plan includes a license for all supported third-party integrations.