Integrate Device Security through Cortex XSOAR with Aruba Central.
Where Can I Use This?
- Device Security (Managed by Strata Cloud Manager)
- (Legacy) IoT Security (Standalone portal)

What Do I Need?
- One of the following subscriptions:
  - Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  - Device Security X subscription
- One of the following Cortex XSOAR setups:
  - A free, cohosted, limited-featured Cortex XSOAR instance
    AND
    A Cortex XSOAR Engine (on-premises integration)
  - A full-featured Cortex XSOAR server

Aruba Central manages wired and wireless networks in
distributed environments. By integrating through Cortex XSOAR with
Aruba Central, Device Security can import information about the wired
and wireless devices in the Aruba Central infrastructure.
Because Device Security and Aruba Central provide cloud-based and
on-premises options, the following combinations are possible:

| Device Security and Cortex XSOAR | Aruba Central |
|---|---|
| Device Security and a cohosted XSOAR instance or a cloud-hosted full-featured XSOAR server with one or more on-premises XSOAR engines | One or more on-premises Aruba Central servers at multiple sites |
| Device Security and a cohosted XSOAR instance or a cloud-hosted full-featured XSOAR server | Cloud-hosted Aruba Central |
| Device Security and an on-premises XSOAR server and, if the network topology necessitates it, an XSOAR engine | On-premises Aruba Central server |
| Device Security and an on-premises XSOAR server | Cloud-hosted Aruba Central |

The following diagram illustrates the first option in the table
above.
Device Security works with Cortex XSOAR to fetch the following information from Aruba Central about
devices accessing the network:
- Device MAC address, IP address, hostname, and serial number
- VLAN to which the device is assigned
- Connection type—wired or wireless
  - If it’s a wired device, Device Security fetches the MAC address of the switch with
    which the device is connected.
  - If it’s a wireless device, Device Security fetches the IEEE 802.11 protocol,
    encryption method, authentication type, radio band (2.4 GHz or 5 GHz), channel,
    SSID, signal-to-noise ratio (SNR) of the wireless association, and name of the
    access point with which the device is associated.

Device Security and Cortex XSOAR also fetch the following information from Aruba Central
about switches on the network:
- Switch MAC address, IP address, and hostname
- Switch type, model, and firmware version
- Site

When Device Security receives information for devices that are already
in its inventory, it incorporates any additional information from
Aruba Central into the data it previously gathered from network
traffic and behavior analysis. With this information, Device Security
can provide more granular endpoint reports and better detection
of misconfigurations and anomalies. Data that Device Security already
has for a device hostname, VLAN, and network connection type (wired
or wireless) supersedes duplicate or conflicting data from Aruba
Central. For all other types of data, whatever is the most recent
takes precedence regardless of its source. For devices that aren’t
already in its inventory, Device Security creates new entries with
the data that Aruba Central provides.
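
The precedence rules in the paragraph above, written out as an added Python sketch; it is not Palo Alto Networks code. The attribute names, the per-attribute timestamps, and the sample records are constructed assumptions used only to make the rules concrete.

```python
from datetime import datetime, timezone

# Attributes where a value Device Security already holds supersedes Aruba Central.
INVENTORY_WINS = {"hostname", "vlan", "connection_type"}

def ts(hour):
    """Constructed UTC timestamp on an arbitrary sample day."""
    return datetime(2024, 1, 15, hour, tzinfo=timezone.utc)

def merge_device(inventory, mac, incoming):
    """Merge Aruba Central attributes for one MAC address into the inventory.

    Each attribute is a (value, observed_at) pair (an assumption of this
    sketch). Returns a dict mapping attribute name to the decision taken.
    """
    mac = mac.lower()
    if mac not in inventory:
        inventory[mac] = dict(incoming)  # device not in inventory: new entry
        return {name: "created" for name in incoming}
    existing, decisions = inventory[mac], {}
    for name, (value, seen) in incoming.items():
        if name not in existing:
            existing[name] = (value, seen)
            decisions[name] = "added"           # additional information
        elif name in INVENTORY_WINS:
            decisions[name] = "kept-inventory"  # existing value supersedes
        elif seen > existing[name][1]:
            existing[name] = (value, seen)
            decisions[name] = "took-aruba"      # Aruba Central data is more recent
        else:
            decisions[name] = "kept-inventory"  # inventory data is more recent
    return decisions

# Constructed sample data, not real devices.
inventory = {"aa:bb:cc:00:00:01": {
    "hostname": ("infusion-pump-7", ts(9)),
    "ip": ("10.20.0.15", ts(9)),
    "serial": ("SN-OLD", ts(12)),
}}
aruba = {
    "hostname": ("AP-CLIENT-0001", ts(11)),  # conflicts: inventory wins
    "vlan": (120, ts(11)),                   # not yet known: added
    "ip": ("10.20.0.44", ts(11)),            # newer than the inventory value
    "serial": ("SN-NEW", ts(10)),            # older than the inventory value
}
result = merge_device(inventory, "AA:BB:CC:00:00:01", aruba)
print(result)
```
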