Integrate Device Security with Microsoft Defender XDR
Integrate Device Security through Cortex XSOAR with Microsoft Defender XDR.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following subscriptions:
One of the following Cortex XSOAR setups:
|
Device Security integrates with Microsoft Defender XDR through Cortex XSOAR to
learn about devices and device attributes, as well as vulnerabilities for IoT devices.
Microsoft Defender XDR, an extended detection and response
solution, lets users monitor endpoints, user identities, and cloud applications, as well
as manage vulnerabilities detected in their networks. By integrating with
Microsoft Defender XDR, Device Security enriches the asset inventory and risk context.
Through the integration, Device Security can learn the following device attributes
from Microsoft Defender XDR:
- Device name
- OS group
- OS version
- OS build
- IP address
- MAC address
- EDR operational status
- Endpoint protection status
- AD join status
Device Security can learn the following vulnerability information from
Microsoft Defender XDR:
- CVE ID
- CVSS score
When Device Security receives information for devices already in its inventory, it
incorporates any additional information from Microsoft Defender XDR into the data it
previously gathered from network traffic and behavior analysis. For devices and
vulnerabilities that are not already in the Device Security inventory,
Device Security creates new entries with the data that Microsoft Defender XDR
provides.
Integrating with Microsoft Defender XDR requires either a full-featured
Cortex XSOAR server or the purchase and activation of a Device Security
third-party integration add-on license, which comes with a free cohosted
Cortex XSOAR instance.
The basic plan includes a license for three integration add-ons, one of which can be
used for Microsoft Defender XDR. The advanced plan includes a license for all supported
third-party integrations.