Device Security
New Features in October 2025
Review the new features introduced in Device Security in October 2025.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of the following subscriptions:
|
The following new features and enhancements were introduced for Device Security in
October 2025.
New Features
New Polling Integration Support
The Device Security polling integration with
Cortex XSOAR now supports the following protocols for
polling:
Vulnerability signatures
The Device Security Research team added detections for 737
vulnerabilities this month. Of the 737 vulnerabilities, 62 of them
had a critical CVSS score. You can see a complete list of the CVEs
for which detections have been added at
Vulnerability Signatures in 2025.
Dictionary file updates
There were five dictionary file updates in October 2025. The
following summarizes what was added in each update:
Support all Attributes for Advanced Device-ID
When creating an Advanced Device-ID object
in Device Security, you can now select from all device attributes for the
matching criteria. This includes using third-party device attributes for the
matching criteria. While you can select from all device attributes, you can only
include up to 30 attributes for each Device-ID object, and you can't
cross-reference to alert or vulnerability attributes. To take advantage of this
expanded support for device attributes, your firewalls receiving
Device Context (verdicts) must be running PAN-OS 12.1.2 or later,
and you must enable Advanced Device-ID.
Support for User-Defined Managed Devices
Device Security adds a new System-created Custom Attribute called
Managed Status. You can edit the Value Rule for
Managed Status to automate when and which devices are marked
as managed or unmanaged. Unlike other custom attributes, you can define the
Managed Status attribute with saved queries or saved filters. To view and customize
the Managed Status custom attribute, visit Assets > Custom Attributes > System-created Attributes in Device Security in Strata Cloud Manager.
Support BfArM Recall Information for Medical Devices
Device Security now includes information from Germany's
Federal Institute for Drugs and Medical Devices
(Bundesinstitut für Arzneimittel und Medizinprodukte, BfArM) for
medical device recalls. When viewing active recalls of devices in your network,
you can view the Source column to see if the recall comes from BfArM.
Click on the Recall ID to open and view the recall PDF from BfArM.
Network Discovery Plugin versions 2.2.3 and 3.0.1
The Network Discovery plugin version 2.2.3
introduces an enhancement for SNMP crawling to skip IP phones. This helps improve
runtime and performance for an SNMP crawl. Version 2.2.3 also addresses a number of
issues to improve runtime performance and results.
See Known Issues in Network Discovery 2.2
for a full list of addressed issues.
The Network Discovery plugin version 3.0.1
includes the same functionality as Network Discovery 2.2.3 for firewalls running
PAN-OS 12.1.2 and later.
Support Overlapping IP Addresses for Third-Party Integrations
Device Security now supports adding third-party integration instances to
network segments.
You can configure network segments with third-party integration instances,
firewalls, or both. By adding third-party integration instances to
network segments, you ensure that devices and attributes learned from third parties
are mapped correctly in cases where you may have
overlapping IP addresses in your network.
System Alerts for Integration Job Failures
Device Security now generates daily system alerts
(Administration > System Events) when
third-party integration jobs fail.
If jobs run multiple times a day, the system alert is generated only if more than 50%
of jobs fail. To get email notifications about the system alerts, update the
setting under Administration > System Event Notifications Configuration for Device Security in Strata Cloud Manager.
Microsoft DHCP Servers Integration
Device Security supports integrating with Microsoft DHCP Servers to
learn about DHCP clients from the servers. Device Security can retrieve
information such as multi-interface configurations, installed software,
DHCP reserved IP addresses, and BitLocker status, and Device Security uses that
information to enrich its inventories.
Enhancements for the Microsoft SCCM Integration
Device Security can now learn additional information when
integrated with Microsoft SCCM.
When configuring the integration instance, you can choose to have Device Security
learn the following information:
- Installed software
- Windows updates
- BitLocker data
ManageEngine Endpoint Central Integration
Device Security supports integrating with ManageEngine Endpoint Central to learn about
endpoints and vulnerabilities from ManageEngine. Device Security can
retrieve device details or vulnerabilities from ManageEngine, and it uses that
information to enrich the Device Security inventories and risk visibility.
Device Security also creates new devices in the assets inventory for devices
learned through the ManageEngine integration.
SentinelOne Singularity Integration
Device Security supports integrating with SentinelOne Singularity to learn
about endpoints and vulnerabilities from SentinelOne. Device Security can
retrieve device details or vulnerabilities from SentinelOne Singularity, and
it uses that information to enrich the Device Security inventories and
risk visibility. Device Security also creates new devices in the assets inventory
for devices learned through the SentinelOne integration.
Siemens Industrial Asset Hub Integration
Device Security supports integrating with Siemens Industrial Asset Hub to learn
about devices managed by Siemens Industrial Asset Hub. Device Security can
retrieve device details from Siemens and use that information to
enrich the Device Security inventory. Device Security also creates new devices
in the assets inventory for devices learned through the
Siemens Industrial Asset Hub integration.