Check XSOAR Integration Activity
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Check XSOAR Integration Activity
Access
Cortex XSOAR
logs and playbooks from the IoT Security
portal.You can use these tools to check on integration
activity within
Cortex XSOAR
from the convenience of the IoT Security
UI:XSOAR
Logs
IoT Security
provides a simple mechanism to
download logs from your cloud-hosted Cortex XSOAR
instance so you
can check data exchanges with third-party integrations and XSOAR
engine connectivity. The logs are particularly useful for troubleshooting.
For example, if you imported device attributes from a wireless controller,
you can look at logs showing all the device attributes that XSOAR
imported. If you sent alerts or vulnerabilities to an asset management
system like Nuvolo or ServiceNow or device updates to a NAC system
like Aruba Clearpass, you can see when they were sent.The
logs might contain data for devices that aren't in the
IoT Security
inventory but that XSOAR received from the wireless controller.- Download XSOAR logs.
- Log in toIoT Security, navigate toIntegrations, and thenDownload XSOAR logs.IoT Securitydownloads a zip file containing a compressed set of XSOAR logs. The download takes approximately 10 seconds to complete and the file name consists of the namexsoar_log+ a timestamp, such asxsoar_log_2022-April-20-19_26.zip.
- Save the zip file on your management system and extract the files within it.Each log file can be up to 10 MB and typically contain data for the past two or three days.
- Refer to the logs to check on various XSOAR server and engine activities.
- Theserver.logcontains an historical record of the various integration activities in which the hosted XSOAR server engaged such as device quarantines, vulnerability scans, and alert notifications.
- When an integration requires an XSOAR engine, thed1.loginside the<engine-name>-log.tar.gzfile contains a similar record of integration activities running on an XSOAR engine.
- The<engine-name>-<date>-log.tar.gzfile also contains useful information for resolving issues with XSOAR engine installations.
- Depending on whether an integration is between a hosted XSOAR instance and a cloud-based third-party system or between an on-premises XSOAR engine and an on-premises third-party system, you can find all the device attributes that XSOAR imported for each MAC address listed in either theserver.logord1.log.Currently you can see log data for Aruba ClearPass, Cisco Prime, and Cisco DNA Center.In the above screen capture, there are two d1.log files. When a file reaches its maximum size of 10 MB, XSOAR saves the first d1.log file with a timestamp as part of its filename and starts making a new d1.log file.
XSOAR
Playbooks
When you initiate an action in
IoT Security
that involves a third-party integration–for example sending an alert
or vulnerability or quarantining a device—the pop-up panel includes
a link that takes you to an XSOAR playbook to see an overview of
the task (referred to as "incident" in XSOAR) and the status of
each step in the flow.For
the link in
IoT Security
to open the corresponding playbook in Cortex
XSOAR, you must already be logged in to your XSOAR instance before
clicking it.The green boxes in the playbook indicate
that a particular step was successfully performed. Following the
path through the playbook gives you feedback about whether an action
was carried out successfully or, if not, where the process changed
course.
Clicking
a box in a playbook opens a side panel in the
Cortex XSOAR
UI with
an explanation of that step.This gives
you visibility into the integration workflow and assists you in
making changes if required.