Third-party Integrations Using Cohosted XSOAR

Use a cohosted Cortex XSOAR instance for IoT Security integration with third-party solutions.
When you buy and activate an IoT Security Third-party Integrations Add-on license, a cloud-hosted, purpose-built instance of XSOAR is generated exclusively for your IoT Security tenant at no extra charge. It enables IoT Security to integrate with both cloud-based third-party systems and—by means of an on-site XSOAR engine—with third-party systems deployed on premises. (For XSOAR engine installation instructions, refer to the “Cortex XSOAR Engine Installation” section for the third-party product being integrated with IoT Security.)
An IoT Security Third-party Integrations Add-on does not require the purchase of a full Cortex XSOAR product. After you enable the add-on, IoT Security automatically generates a cloud-hosted XSOAR instance with limited functionality (in contrast to a full Cortex XSOAR product) to assist IoT Security with the integrations it supports.
After you activate the add-on during the onboarding process, a limited, cloud-hosted Cortex XSOAR instance is generated exclusively to support third-party integrations included in the add-on. There is no extra charge for this dedicated XSOAR instance, which supports integrations with the following third-party systems:
When integrating IoT Security with one of the third-party systems, you’ll use the interface of the dedicated XSOAR instance to configure this side of the integration and the user interface of the remote system to configure the other side. The XSOAR interface has been scaled down to just those features and settings essential for IoT Security to integrate with these other systems. To access the XSOAR interface, log in to the IoT Security portal, open the Integrations page, and then click Launch Cortex XSOAR. Due to the automatic authentication mechanism that occurs between IoT Security and XSOAR when you click this link, it’s the only way to access the interface of your XSOAR instance.
If you do not see all available third-party integrations in the Cortex XSOAR interface, it's possible that your XSOAR instance hasn't been updated with the latest content pack. Content packs include code changes to the jobs and playbooks of existing integrations as well as additional new third-party integrations. To get the latest XSOAR content pack, log in to your Customer Support Portal account and create a case with your request.
Some integrations such as ServiceNow, Nuvolo, and Qualys occur completely in the cloud, from the IoT Security cloud through Cortex XSOAR to the third-party cloud. Others such as Cisco ISE, SIEM, and Aruba ClearPass occur both in the cloud and on premises. The IoT Security cloud sends data to Cortex XSOAR, which forwards it to an XSOAR engine installed on a VM on premises. The XSOAR engine then forwards the data across the network to a third-party server that’s also on premises. The following shows which integrations require an on-premises XSOAR engine when IoT Security is communicating through a cohosted XSOAR instance:

| Asset Management Integrations | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| AIMS | No (cloud-hosted AIMS instance), Yes (on-premises AIMS system) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 (default) to an on-premises AIMS system |
| Microsoft SCCM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and TCP 1433 (default) to an on-premises SCCM SQL system |
| Nuvolo | No | |
| ServiceNow | No | |

| Endpoint Protection | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| Cortex XDR | No | |
| CrowdStrike | No | |
| Tanium | No (cloud-hosted Tanium), Yes (one or more on-premises Tanium servers) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Tanium API |

| Network Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| Aruba Central | No (cloud-hosted Aruba Central), Yes (one or more on-premises Aruba Central servers) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSH on TCP 22 to an on-premises Aruba Central server |
| Cisco DNA Center | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Cisco DNA Center API |
| Cisco Meraki Cloud | No | |
| Cisco Prime Infrastructure | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Cisco Prime instance |
| SNMP Discovery | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SNMP on UDP 161 to local network switches |
| Network Discovery | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SNMP on UDP 161 to local network switches |

| IP Address Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| BlueCat IPAM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTP or HTTPS on TCP 80 or TCP 443 to your on-premises BlueCat Address Manager |
| Infoblox IPAM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and to your on-premises Infoblox Grid Master API |

| Wireless Network Controllers | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| Aruba WLAN Controllers | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 4343 (default) to the API of on-premises Aruba WLAN controllers |
| Cisco WLAN Controllers | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSH on TCP 22 (default) to on-premises Cisco WLAN controllers |

| Security Information and Event Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| SIEM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and syslog event messages on UDP 514 (default) to your SIEM server |

| Network Access Control | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| Aruba ClearPass | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and to the on-premises Aruba ClearPass system |
| Cisco ISE | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 and 9060 to your on-premises Cisco ISE system |
| Cisco ISE pxGrid | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSL on TCP 8910 (default) to your on-premises Cisco pxGrid controller/ISE system |
| Forescout | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 (default) to your on-premises Forescout system |

| Vulnerability Scanning | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
|---|---|---|
| Qualys | No | |
| Rapid7 | No (cloud-hosted Rapid7 system), Yes (on-premises Rapid7 system) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/, HTTPS on TCP 3780 (default) to your on-premises Rapid7 UI, and HTTPS on TCP 8080 and 443 (default) to your on-premises Rapid7 API |
| Tenable (Tenable.io) | No | |

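The engine communications listed above can serve as a least-privilege egress baseline for the on-premises XSOAR engine VM. The following is an added example, not part of the vendor documentation: it audits a proposed allow-list against the flows required by the integrations you have enabled, for a subset of the integrations in the tables. The destination labels, the rule tuple format, and the sample rules are constructed assumptions.

```python
"""Audit an XSOAR engine VM's egress allow-list against the flows listed on this page."""

# Every engine needs HTTPS to the cohosted instance:
# https://<your-domain>.iot.demisto.live/ (label "xsoar-cloud" is hypothetical).
CLOUD = ("tcp", 443, "xsoar-cloud")

# (protocol, port, destination label) per integration, default ports from the tables.
# Destination labels are hypothetical names for your own on-premises hosts.
REQUIRED = {
    "Microsoft SCCM": [CLOUD, ("tcp", 1433, "sccm-sql")],
    "SNMP Discovery": [CLOUD, ("udp", 161, "switches")],
    "SIEM": [CLOUD, ("udp", 514, "siem")],
    "Cisco ISE": [CLOUD, ("tcp", 443, "ise"), ("tcp", 9060, "ise")],
    "Cisco ISE pxGrid": [CLOUD, ("tcp", 8910, "pxgrid")],
    "Aruba WLAN Controllers": [CLOUD, ("tcp", 4343, "aruba-wlc")],
}

def required_flows(enabled):
    """Union of flows needed by the enabled integrations."""
    flows = set()
    for name in enabled:
        flows.update(REQUIRED[name])
    return flows

def covers(rule, flow):
    """A rule covers a flow if each field matches or is the wildcard 'any'."""
    return all(r in ("any", f) for r, f in zip(rule, flow))

def audit(enabled, rules):
    """Report required flows with no rule, wildcard rules, and rules nothing needs."""
    need = required_flows(enabled)
    return {
        "missing": sorted(f for f in need if not any(covers(r, f) for r in rules)),
        "too_broad": [r for r in rules if "any" in r],
        "unused": [r for r in rules if "any" not in r and r not in need],
    }

# Constructed sample allow-list for an engine that serves Cisco ISE and SIEM only.
SAMPLE_RULES = [
    ("tcp", 443, "xsoar-cloud"),
    ("tcp", 443, "ise"),
    ("udp", 514, "siem"),
    ("tcp", 22, "any"),          # wildcard destination
    ("tcp", 1433, "sccm-sql"),   # left over from an integration that is not enabled
]

if __name__ == "__main__":
    for kind, items in audit(["Cisco ISE", "SIEM"], SAMPLE_RULES).items():
        print(kind, items)
```

Where an integration runs on a non-default port, change the corresponding entry in `REQUIRED` before auditing.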
After you set up IoT Security to work with a full-featured or cohosted XSOAR instance and configure some integration instances in XSOAR, various settings become available for use in the IoT Security portal. For example, options to quarantine a device and release a previously quarantined device only appear after you configure an integration instance that supports such actions.
