Integrate Device Security with Microsoft Defender XDR
Integrate Device Security through Cortex XSOAR with Microsoft Defender XDR.
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| | One of the following subscriptions: Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical), or Device Security X subscription |
| | One of the following Cortex XSOAR setups: a free, cohosted, limited-featured Cortex XSOAR instance, or a full-featured Cortex XSOAR server |

Device Security integrates with Microsoft Defender XDR through Cortex XSOAR to
learn about devices and device attributes, as well as vulnerabilities for IoT devices.

Microsoft Defender XDR, an extended detection and response
solution, lets users monitor endpoints, user identities, and cloud applications, as well
as manage vulnerabilities detected in their networks. By integrating with
Microsoft Defender XDR, Device Security enriches the asset inventory and risk context.

Through the integration, Device Security can learn the following device attributes
from Microsoft Defender XDR:

Device Security can learn the following vulnerability information from
Microsoft Defender XDR:

When Device Security receives information for devices already in its inventory, it
incorporates any additional information from Microsoft Defender XDR into the data it
previously gathered from network traffic and behavior analysis. For devices and
vulnerabilities that are not already in the Device Security inventory,
Device Security creates new entries with the data that Microsoft Defender XDR
provides.