FactoryTalk AssetCentre is a centralized tool by Rockwell Automation designed for managing, securing, versioning, tracking, and reporting automation-related assets. Device Security integrates through Cortex XSOAR with AssetCentre to import device attributes from AssetCentre databases. Users can enable recurring imports or manually initiate bulk imports to match devices based on MAC or IP address. Device Security matches the imported devices with those in its inventory by MAC or IP address and augments the attributes it already has for them with those learned from AssetCentre. If the set of imported devices includes a device that isn’t yet in its inventory, Device Security adds that device if the AssetCentre database includes its MAC address, among other attributes. If AssetCentre doesn’t have the MAC address of a device that’s new for Device Security, it’s not imported as an IP endpoint; it’s just not imported at all. Device Security displays device information that it learns from this integration in the Asset Inventory and on the Device Details pages.

The integration of Device Security and Rockwell Automation FactoryTalk AssetCentre can occur when one or more Palo Alto Networks firewalls are running on the same network that’s under AssetCentre management. The firewalls send Device Security network traffic data logs through the Palo Alto Networks logging service and then Device Security analyzes metadata from the logs to discover and identify devices on the network and track their network behaviors. In addition, Device Security also supplements this information with the device attributes it imports through Cortex XSOAR from one or more AssetCentre databases on Microsoft SQL servers.

Integrating with AssetCentre requires either a full-featured Cortex XSOAR server or the activation of a Device Security free cohosted Cortex XSOAR instance.