| Where Can I Use This? | What Do I Need? |
One of the following subscriptions:
- Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
- Device Security X subscription

One of the following Cortex XSOAR setups:
- A free, cohosted, limited-featured Cortex XSOAR instance AND a free Cortex XSOAR Engine (on-premises integration)
- A full-featured Cortex XSOAR server

By integrating through Cortex XSOAR with Cisco
Prime Infrastructure, Device Security imports select information about
the devices (or endpoints) it’s monitoring from Cisco Prime.
A specified on-premises Cortex XSOAR engine fetches the following information
from Cisco Prime and then sends it through the Cortex XSOAR cloud
to Device Security to incorporate into the data it has already gathered
from network traffic and behavior analysis:

With this information, Device Security can provide more granular endpoint reports and better detection of misconfigurations and anomalies. For example, the following illustrations show information that IoT Security learned from Cisco Prime Infrastructure about a PACS station named GRADLT900:

- Connection type: wireless
- The hostname and IP address of the switch that’s cabled to the AP serving GRADLT900
- The Ethernet port number on the switch to which the AP is cabled
- The VLAN to which the PACS station is assigned

IoT Security can integrate with multiple Cisco Prime instances at one site or multiple sites, which is sometimes necessary for large deployments where a single Prime instance is not enough. In these cases, one or more Cortex XSOAR engines integrate with one or more of the Prime instances.

Make sure each Cortex XSOAR engine can form a network connection on TCP port 443 to the Prime instance with which it’s coupled. Then follow the instructions below to set up the integration between the two.
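
One way to verify the TCP 443 requirement from each engine host before configuring the integration. This is an added example, not part of the product documentation; the hostnames are constructed placeholders and the result labels are this example's own.

```python
import socket
import ssl


def check_prime_reachability(host, port=443, timeout=5.0, tls_context=None):
    """Classify connectivity from this engine host to one Prime instance.

    Returns 'dns_failure', 'tcp_blocked', 'tls_failure' or 'ok'
    (labels chosen for this example).
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    family, socktype, proto, _, sockaddr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError:
        # Refused, timed out or unroutable: review firewall rules for TCP 443.
        sock.close()
        return "tcp_blocked"
    # Certificate verification stays on, so an untrusted Prime certificate
    # is reported as 'tls_failure' rather than silently accepted.
    ctx = tls_context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            pass
    except (ssl.SSLError, OSError):
        sock.close()
        return "tls_failure"
    return "ok"


def check_all(prime_hosts, **kwargs):
    """Check every Prime instance this engine is coupled with."""
    return {host: check_prime_reachability(host, **kwargs) for host in prime_hosts}


if __name__ == "__main__":
    # Constructed placeholder hostnames; replace with your Prime instances.
    for host, status in check_all(["prime-site-a.example.com",
                                   "prime-site-b.example.com"]).items():
        print(f"{host}:443 -> {status}")
```

Run it on the engine host itself, since the path that matters is from the engine to Prime, not from an administrator workstation.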