IoT Security
Integrate IoT Security with Microsoft Defender XDR
Integrate IoT Security through Cortex XSOAR with Microsoft Defender XDR.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following Cortex XSOAR setups:
|
IoT Security integrates with Microsoft Defender XDR through Cortex XSOAR to
learn about devices and device attributes, as well as vulnerabilities for IoT devices.
Microsoft Defender XDR, an extended detection and response
solution, lets users monitor endpoints, user identities, and cloud applications, as well
as manage vulnerabilities detected in their networks. By integrating with
Microsoft Defender XDR, IoT Security enriches the asset inventory and risk context.
Through the integration, IoT Security can learn the following device attributes
from Microsoft Defender XDR:
- Device name
- OS group
- OS version
- OS build
- IP address
- MAC address
- EDR operational status
- Endpoint protection status
- AD join status
IoT Security can learn the following vulnerability information from
Microsoft Defender XDR:
- CVE ID
- CVSS score
When IoT Security receives information for devices already in its inventory, it
incorporates any additional information from Microsoft Defender XDR into the data it
previously gathered from network traffic and behavior analysis. For devices and
vulnerabilities that are not already in the IoT Security inventory,
IoT Security creates new entries with the data that Microsoft Defender XDR
provides.
Integrating with Microsoft Defender XDR requires either a full-featured Cortex XSOAR server
or the purchase and activation of an IoT Security third-party integration add-on license,
which comes with a free cohosted Cortex XSOAR instance.
The basic plan includes a license for three integration add-ons, one of which can be
used for Microsoft Defender XDR. The advanced plan includes a license for all supported
third-party integrations.