IoT Security
Integrate IoT Security with Cisco DNA Center
Table of Contents
Integrate IoT Security with Cisco DNA Center
Integrate IoT Security through Cortex XSOAR with Cisco
DNA Center to retrieve details about active devices.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of the following Cortex XSOAR setups:
|
IoT Security integrates through Cortex XSOAR
with Cisco DNA (Digital Network Architecture) Center so it can import
information about devices (or endpoints) from
the Cisco DNA Center infrastructure. Cisco DNA Center manages
networking devices like switches and routers and network access
controllers like Cisco ISE, Cisco WLAN controllers, and others.
It also learns about servers and clients indirectly through the
various networking devices it manages; however, it does not interact
with servers and clients in any way. IoT Security retrieves data
about all device types—both networking devices and client and server
devices—from DNA Center. Through this integration, IoT Security can learn new attributes
for existing devices in the IoT Security asset inventory. IoT Security also adds any
new devices that it learns from Cisco DNA Center to the IoT Security asset inventory.
A specified on-premises XSOAR engine
fetches the following information from DNA Center and then sends
it through the Cortex XSOAR cloud to IoT Security to incorporate
into the data it has already gathered from network traffic and behavior analysis:
- Device MAC address
- Device IP address
- Connection type—wired or wirelessIf it’s a wired device:
- Name, MAC address, and IP address of the switch with which the device is connected
- Ethernet interface on the switch to which the device is connected and a description for it
- VLAN ID to which the device is assigned
If it’s a wireless device:- Name, MAC address, and IP address of the AP with which the device is associated
- SSID on which the device associates with the AP
- IEEE 802.11 protocols used to form the association
- VLAN ID to which the device is assigned
With
this information, IoT Security can provide more granular endpoint
reports and better detection of misconfigurations and anomalies.
For example, the following illustrations show information that IoT Security
learned from Cisco DNA Center about a PACS station named GRADLT900:
- Connection type: wireless
- The hostname and IP address of the switch that’s cabled to the AP serving GRADLT900
- The Ethernet port number on the switch to which the AP is cabled
- The VLAN to which the PACS station is assigned
IoT Security can integrate with multiple Cisco DNA Center instances
at one site or multiple sites, which is sometimes necessary for
large deployments where a single DNA Center instance is not enough.
In these cases, one or more XSOAR engines integrate with one or
more of the DNA Center instances.
Make
sure each XSOAR engine can form a network connection on TCP port
443 to the DNA Center instance with which it’s coupled. Then follow
the instructions below to set up the integration between the two.
Integrating with Cisco DNA Center requires either a
full-featured Cortex XSOAR server
or the purchase and
activation
of an IoT Security third-party integration add-on license,
which comes with a free
cohosted Cortex XSOAR instance. The basic
plan includes a license for three integration add-ons, one of which can be used for
this. The advanced plan includes a license for all supported third-party
integrations.