: Integrate IoT Security with Aruba Central
Focus
Focus

Integrate IoT Security with Aruba Central

Table of Contents

Integrate
IoT Security
with Aruba Central

Integrate
IoT Security
through
Cortex XSOAR
with Aruba Central.
Aruba Central manages wired and wireless networks in distributed environments. By integrating through
Cortex XSOAR
with Aruba Central,
IoT Security
can import information about the wired and wireless devices in the Aruba Central infrastructure.
Because
IoT Security
and Aruba Central provide cloud-based and on-premises options, the following combinations are possible:
IoT Security
and
Cortex XSOAR
Aruba Central
IoT Security
and a cohosted XSOAR instance or a cloud-hosted full-featured XSOAR server with one or more on-premises XSOAR engines
One or more on-premises Aruba Central servers at multiple sites
IoT Security
and a cohosted XSOAR instance or a cloud-hosted full-featured XSOAR server
Cloud-hosted Aruba Central
IoT Security
and an on-premises XSOAR server and, if the network topology necessitates it, an XSOAR engine
On-premises Aruba Central server
IoT Security
and an on-premises XSOAR server
Cloud-hosted Aruba Central
The following diagram illustrates the first option in the table above.
IoT Security
works with
Cortex XSOAR
to fetch the following information from Aruba Central about devices accessing the network:
  • Device MAC address, IP address, hostname, and serial number
  • VLAN to which the device is assigned
  • Connection type—wired or wireless
  • If it’s a wired device,
    IoT Security
    fetches the MAC address of the switch with which the device is connected.
  • If it’s a wireless device,
    IoT Security
    fetches the IEEE 802.11 protocol, encryption method, authentication type, radio band (2.4 GHz or 5 GHz), channel, SSID, signal-to-noise ratio (SNR) of the wireless association, and name of the access point with which the device is associated.
IoT Security
and
Cortex XSOAR
also fetch the following information from Aruba Central about switches on the network:
  • Switch MAC address, IP address, and hostname
  • Switch type, model, and firmware version
  • Site
When
IoT Security
receives information for devices that are already in its inventory, it incorporates any additional information from Aruba Central into the data it previously gathered from network traffic and behavior analysis. With this information,
IoT Security
can provide more granular endpoint reports and better detection of misconfigurations and anomalies. Data that
IoT Security
already has for a device hostname, VLAN, and network connection type (wired or wireless) supersedes duplicate or conflicting data from Aruba Central. For all other types of data, whatever is the most recent takes precedence regardless of its source. For devices that aren’t already in its inventory,
IoT Security
creates new entries with the data that Aruba Central provides.
Integrating with Aruba Central requires either a full-featured Cortex XSOAR server or the purchase and activation of an
IoT Security
third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Aruba Central. The advanced plan includes a license for all supported third-party integrations.

Recommended For You