Device Security
New Features in December 2025
Review the new features introduced in Device Security in December 2025.
| Where Can I Use This? | What Do I Need? |
|---|---|
| | One of the following subscriptions: |
The following new features and enhancements were introduced for Device Security in
December 2025.
New Features
| | |
|---|---|
| Vulnerability signatures | The Device Security Research team added detections for 645 vulnerabilities this month. Of the 645 vulnerabilities, 80 had a critical CVSS score. You can see a complete list of the CVEs for which detections have been added at Vulnerability Signatures in 2025. |
| Dictionary file updates | There were three dictionary file updates in December 2025. The following summarizes what was added in each update: |
Device Security Landing Dashboard
Device Security's new landing dashboard in Strata Cloud Manager
presents a centralized, real-time view of your device landscape and
critical risk factor insights, enabling proactive risk management and
rapid incident response. The landing dashboard unifies discovery,
security posture, risk analysis, and remediation workflows, so you can
get a high-level overview of all devices in your network, see where
risks from vulnerabilities and threats appear, and quickly take action
on insights and recommended policies.
Queries for Time-Based Attributes from Third-Parties
You can now query time-based attributes from third-party integrations.
Time-based attribute querying makes it easier to identify and manage devices
based on their temporal activity in your network. You can query using
predefined time values (e.g. 1 month) or custom values, which can be
explicit date ranges (e.g. January 5, 2026) or
relative time operators (e.g. last 10 days). Querying on time-based attributes
uses the existing process for Query Creation and Management.
NetBox IPAM and DCIM Integration
Device Security supports integrating with NetBox functionalities for
IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM).
By integrating with NetBox, Device Security can learn about endpoints and
IP address use, including static IP addresses and DHCP leases. Device Security
uses that information to enrich the Device Security asset inventory,
including creating new assets for devices learned through the NetBox integration.
Enhancements for the Cisco Meraki Integration
December 2025 enhancement: Device Security can now learn network details
when integrating with Cisco Meraki. The network details include information about
subnets, VLANs, static IP addresses, and DHCP leases. Device Security and
Cortex XSOAR use a new playbook,
Import Cisco Meraki Networks to Device Security, to get
the network information. The Cisco Meraki integration instance in
Cortex XSOAR also includes a new field, Networks,
to specify which networks to learn network information for. To pull
the network information from your Cisco Meraki solution to Device Security,
update your Cisco Meraki integration instance and configure a new
Cortex XSOAR job with the new playbook.
Device Security integrates with Cisco Meraki Cloud
through Cortex XSOAR
to enrich your asset inventory with detailed data about devices accessing your
network through Cisco switches and wireless access points. This integration enables
you to import device attributes, such as MAC and IP addresses, VLANs, and OS details,
directly into Device Security. For wired clients, you gain visibility into the
connecting switch, while wireless client data includes the associated access point.
Use this feature to correlate network-layer data with traffic logs from
next-generation firewalls. This integration helps you maintain visibility of both
online and recently offline devices, so you can base your security policy decisions
on the most current context available.
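Why learned DHCP leases and static IP assignments matter when correlating with firewall traffic logs, shown as an added example that is not Palo Alto Networks code and not how Device Security implements it. The record layouts, function names, and all sample values below are constructed assumptions.

```python
from datetime import datetime
from typing import Optional

# Constructed sample data (not exported from any product).
# DHCP leases: (ip, mac, lease_start, lease_end). The same IP is reused.
DHCP_LEASES = [
    ("10.20.30.15", "02:00:00:00:00:01", "2025-12-01T08:00:00", "2025-12-01T16:00:00"),
    ("10.20.30.15", "02:00:00:00:00:02", "2025-12-01T16:30:00", "2025-12-02T00:30:00"),
]
# Static assignments: ip -> mac, valid at any time.
STATIC_IPS = {"10.20.30.200": "02:00:00:00:00:03"}
# Firewall traffic log entries reduced to (timestamp, source_ip).
TRAFFIC_LOGS = [
    ("2025-12-01T09:12:00", "10.20.30.15"),   # inside first lease
    ("2025-12-01T17:05:00", "10.20.30.15"),   # same IP, second lease
    ("2025-12-01T16:10:00", "10.20.30.15"),   # gap between leases
    ("2025-12-01T11:00:00", "10.20.30.200"),  # statically assigned host
]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def attribute(timestamp: str, ip: str) -> Optional[str]:
    """Return the MAC that held `ip` at `timestamp`, or None if unknown.

    A lease whose window covers the timestamp wins; otherwise fall back
    to a static assignment for that IP.
    """
    when = _ts(timestamp)
    for lease_ip, mac, start, end in DHCP_LEASES:
        if lease_ip == ip and _ts(start) <= when < _ts(end):
            return mac
    return STATIC_IPS.get(ip)


def attribute_logs(logs):
    """Attach a device MAC (or None) to every traffic log entry."""
    return [(ts, ip, attribute(ts, ip)) for ts, ip in logs]


if __name__ == "__main__":
    for ts, ip, mac in attribute_logs(TRAFFIC_LOGS):
        print(ts, ip, mac or "UNATTRIBUTED")
```

Entries that come back unattributed are the ones to review: traffic from an address with no covering lease or static record points to a gap in inventory data or an address in use outside the IPAM's knowledge.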
Enhancement for the Infoblox IPAM Integration
December 2025 enhancement: Device Security can now learn about
static IP addresses and DHCP leases when integrating with
Infoblox IPAM.
Integrate Device Security with Infoblox IPAM to retrieve
IP blocks and subnets (called containers and networks by Infoblox)
plus related data about sites, VLANs, and descriptions. For more information, see
Integrate Device Security with Infoblox IPAM.
Enhancements for the Microsoft DHCP Servers Integration
December 2025 enhancement: Device Security can now learn about
static IP addresses and DHCP leases when integrating with
Microsoft DHCP Servers.
Device Security supports integrating with Microsoft DHCP Servers to
learn about DHCP clients from the servers. Device Security can retrieve
information such as multi-interface configurations, installed software,
DHCP reserved IP addresses, and BitLocker status, and Device Security uses that
information to enrich its inventories.
FedRAMP High Authorization
December 2025 enhancement: Prisma Access attached Device Security
is now authorized for FedRAMP High.
June 2024 enhancement: Device Security now uses the PAN-OS
Edge Services to support
policy recommendations and Device-ID based automated Zero Trust Enforcement for all
next-generation firewalls and Prisma Access. The Device Security solution
deployed in a FedRAMP moderate environment works with
next-generation firewalls in either FIPS mode or in a commercial environment.
Device Security is authorized for use in a FedRAMP environment.
To learn more about FedRAMP authorization at Palo Alto Networks, see
Palo Alto Networks and FedRAMP Authorization.