Third-party Integrations Using Cohosted XSOAR
Use a cohosted Cortex XSOAR instance for IoT Security integration with third-party solutions.

When you buy and activate an IoT Security Third-party Integrations Add-on license, a cloud-hosted, purpose-built instance of XSOAR is generated exclusively for your IoT Security tenant at no extra charge. It enables IoT Security to integrate with both cloud-based third-party systems and—by means of an on-site XSOAR engine—with third-party systems deployed on premises. (For XSOAR engine installation instructions, refer to the “Cortex XSOAR Engine Installation” section for the third-party product being integrated with IoT Security.)

An IoT Security Third-party Integrations Add-on does not require the purchase of a full Cortex XSOAR product. After you enable the add-on, IoT Security automatically generates a cloud-hosted XSOAR instance with limited functionality (in contrast to a full Cortex XSOAR product) to assist IoT Security with the integrations it supports.

After you activate the add-on during the onboarding process, a limited, cloud-hosted Cortex XSOAR instance is generated exclusively to support third-party integrations included in the add-on. There is no extra charge for this dedicated XSOAR instance, which supports integrations with the following third-party systems:

- Asset Management
- Endpoint Protection
- IP Address Management
- Wireless Network Controllers
- Security Information and Event Management
- Network Access Control

When integrating IoT Security with one of the third-party systems, you’ll use the interface of the dedicated XSOAR instance to configure this side of the integration and the user interface of the remote system to configure the other side. The XSOAR interface has been scaled down to just those features and settings essential for IoT Security to integrate with these other systems. To access the XSOAR interface, log in to the IoT Security portal, open the Integrations page, and then click Launch Cortex XSOAR. Due to the automatic authentication mechanism that occurs between IoT Security and XSOAR when you click this link, it’s the only way to access the interface of your XSOAR instance.

If you do not see all available third-party integrations in the Cortex XSOAR interface, it's possible that your XSOAR instance hasn't been updated with the latest content pack. Content packs include code changes to the jobs and playbooks of existing integrations as well as additional new third-party integrations. To get the latest XSOAR content pack, log in to your Customer Support Portal account and create a case with your request.

Some integrations such as ServiceNow, Nuvolo, and Qualys occur completely in the cloud, from the IoT Security cloud through Cortex XSOAR to the third-party cloud. Others such as Cisco ISE, SIEM, and Aruba ClearPass occur both in the cloud and on premises. The IoT Security cloud sends data to Cortex XSOAR, which forwards it to an XSOAR engine installed on a VM on premises. The XSOAR engine then forwards the data across the network to a third-party server that’s also on premises. The following shows which integrations require an on-premises XSOAR engine when IoT Security is communicating through a cohosted XSOAR instance:

Asset Management Integrations | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
AIMS | No (cloud-hosted AIMS instance), Yes (on-premises AIMS system) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 (default) to an on-premises AIMS system |
Microsoft SCCM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and TCP 1433 (default) to an on-premises SCCM SQL system |
Nuvolo | No | — |
ServiceNow | No | — |

Endpoint Protection | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Cortex XDR | No | — |
CrowdStrike | No | — |
Tanium | No (cloud-hosted Tanium), Yes (one or more on-premises Tanium servers) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Tanium API |

Network Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Aruba Central | No (cloud-hosted Aruba Central), Yes (one or more on-premises Aruba Central servers) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSH on TCP 22 to an on-premises Aruba Central server |
Cisco DNA Center | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Cisco DNA Center API |
Cisco Meraki Cloud | No | — |
Cisco Prime Infrastructure | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Cisco Prime instance |
SNMP Discovery | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SNMP on UDP 161 to local network switches |
Network Discovery | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SNMP on UDP 161 to local network switches |

IP Address Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
BlueCat IPAM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTP or HTTPS on TCP 80 or TCP 443 to your on-premises BlueCat Address Manager |
Infoblox IPAM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and to your on-premises Infoblox Grid Master API |

Wireless Network Controllers | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Aruba WLAN Controllers | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 4343 (default) to the API of on-premises Aruba WLAN controllers |
Cisco WLAN Controllers | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSH on TCP 22 (default) to on-premises Cisco WLAN controllers |

Security Information and Event Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
SIEM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and syslog event messages on UDP 514 (default) to your SIEM server |

Network Access Control | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Aruba ClearPass | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and to the on-premises Aruba ClearPass system |
Cisco ISE | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 and 9060 to your on-premises Cisco ISE system |
Cisco ISE pxGrid | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSL on TCP 8910 (default) to your on-premises Cisco pxGrid controller/ISE system |
Forescout | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 (default) to your on-premises Forescout system |

Vulnerability Scanning | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Qualys | No | — |
Rapid7 | No (cloud-hosted Rapid7 system), Yes (on-premises Rapid7 system) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/, HTTPS on TCP 3780 (default) to your on-premises Rapid7 UI, and HTTPS on TCP 8080 and 443 (default) to your on-premises Rapid7 API |
Tenable (Tenable.io) | No | — |
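
The port listings above can serve as a least-privilege egress allowlist for the VM that hosts the on-premises XSOAR engine. The following Python sketch is an added example, not part of the product or its documentation: it audits a set of allow rules against the on-premises flows the tables list for the enabled integrations. The rule format, the function names, and the sample addresses are assumptions made for illustration, and the cloud leg (HTTPS on TCP 443 to the tenant URL) is left out because it is matched by FQDN rather than by address.

```python
from ipaddress import ip_address, ip_network

# On-premises legs of the engine's traffic, as (protocol, port), copied from the
# tables above. Ports marked "(default)" on the page may differ at your site.
# The cloud leg (HTTPS on TCP 443 to the tenant URL) is FQDN-based and not modelled.
ENGINE_FLOWS = {
    "Microsoft SCCM": [("tcp", 1433)],
    "Cisco ISE": [("tcp", 443), ("tcp", 9060)],
    "Cisco ISE pxGrid": [("tcp", 8910)],
    "SIEM": [("udp", 514)],
    "SNMP Discovery": [("udp", 161)],
    "Aruba WLAN Controllers": [("tcp", 4343)],
    "Cisco WLAN Controllers": [("tcp", 22)],
}

def required_flows(targets):
    """targets: {integration: [server IPs]} -> set of (proto, ip, port) needed."""
    return {(proto, ip, port)
            for name, ips in targets.items()
            for ip in ips
            for proto, port in ENGINE_FLOWS[name]}

def permits(rule, flow):
    """rule is (proto, cidr, port); port None means any port."""
    (rproto, cidr, rport), (proto, ip, port) = rule, flow
    return (rproto == proto and ip_address(ip) in ip_network(cidr)
            and rport in (None, port))

def audit(rules, needed):
    """Return (missing flows, unused rules, over-broad rules) for allow rules."""
    missing = sorted(f for f in needed if not any(permits(r, f) for r in rules))
    unused = [r for r in rules if not any(permits(r, f) for f in needed)]
    broad = [r for r in rules if r not in unused
             and (r[2] is None or ip_network(r[1]).num_addresses > 1)]
    return missing, unused, broad

# Constructed sample: hypothetical addresses and engine egress rules.
SAMPLE_TARGETS = {"Cisco ISE": ["10.20.0.5"], "SIEM": ["10.20.0.9"]}
SAMPLE_RULES = [
    ("tcp", "10.20.0.5/32", 443),
    ("tcp", "10.20.0.0/24", None),   # any TCP port to a whole subnet
    ("udp", "10.20.0.9/32", 161),    # SNMP, but SNMP Discovery is not enabled
]

if __name__ == "__main__":
    missing, unused, broad = audit(SAMPLE_RULES, required_flows(SAMPLE_TARGETS))
    print("missing:", missing)
    print("unused:", unused)
    print("over-broad:", broad)
```

In the sample, the subnet-wide rule is the only thing permitting TCP 9060 to the ISE server, so tightening it requires adding an explicit rule for that port first.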

After you set up IoT Security to work with a full-featured or cohosted XSOAR instance and configure some integration instances in XSOAR, various settings become available for use in the IoT Security portal. For example, options to quarantine a device and release a previously quarantined device only appear after you configure an integration instance that supports such actions.