IoT Security Integration Guide
  • IoT Security Integration Guide
  • IoT Security Documentation
  • All Documentation
>
Quarantine a Device Using Aruba ClearPass
Focus
Download PDF
Focus
  1. Home
  2. IoT Security
  3. Network Access Control
  4. Integrate IoT Security with Aruba ClearPass
  5. Quarantine a Device Using Aruba ClearPass
Download PDF
IoT Security

Quarantine a Device Using Aruba ClearPass

Table of Contents

Quarantine a Device Using Aruba ClearPass

Use the IoT Security integration with Aruba ClearPass to quarantine devices of concern.
Where Can I Use This?What Do I Need?
  • IoT Security (Managed by IoT Security)
  • IoT Security subscription for an advanced IoT Security product (Enterprise Plus, Industrial OT, or Medical)
One of the following Cortex XSOAR setups:
  • An IoT Security Third-party Integration Add-on license that includes a cohosted, limited-featured Cortex XSOAR instance
    AND
    A Cortex XSOAR Engine (on-premises integration)
  • A full-featured Cortex XSOAR server
Through the IoT Security integration with Aruba ClearPass, you can send a request to Aruba ClearPass to quarantine devices or to remove devices from quarantine.

Put a Device in Quarantine Using Aruba ClearPass

If you want to quarantine a device because you saw an alert that concerns you, use the quarantine option on the AlertsSecurity Alerts page. You can also do this in the Action menu in the Alerts section on a Device Details page.
  1. Select an alert on AlertsSecurity Alerts in the IoT Security portal.
  2. Click MoreSend toQuarantine via Aruba ClearPass.
  3. Add a comment.
    After you enter a comment, the Send button changes from gray to blue, indicating that you can proceed.
  4. Click Send.
    IoT Security sends a command through Cortex XSOAR to all configured Aruba ClearPass instances to assign the device to a quarantine VLAN. The instance or instances that have an endpoint with a matching MAC address apply the quarantine. The device remains in quarantine while you investigate the cause of the alert. Once it’s resolved, you can then use the
    Release via Aruba ClearPass
    option.
    After you click Send, a link appears. When you click it, a new browser window opens to the XSOAR playbook for this action.
    To confirm that the quarantine command was sent, click the link to the XSOAR playbook for this action.
    For the link in IoT Security to open the corresponding playbook in Cortex XSOAR, you must already be logged in to your XSOAR instance before clicking it.
    The green boxes in the playbook indicate that a particular step was successfully performed. Following the path through the playbook gives you feedback about whether an action was carried out successfully or, if not, where the process changed course.

Release a Device from Quarantine Using Aruba ClearPass

Remove devices from quarantine through IoT Security integration with Aruba ClearPass.
Removing a device from quarantine is the same procedure as
putting it in quarantine
except that you select MoreSend toRelease via Aruba ClearPass on the AlertsSecurity Alerts page. This option is also available in the Action menu in the Alerts sections on a Device Details page.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.

xThanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application.