Integrate with Third-party Systems
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba AirWave
- Set up Aruba AirWave for Integration
- Set up IoT Security and Cortex XSOAR for Aruba AirWave Integration
- View Device Location Information
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Integrate with Third-party Systems
IoT Security uses Cortex XSOAR to integrate with third-party
systems.
In addition to coordinating with Palo Alto Networks next-generation firewalls, IoT Security
integrates with third-party systems, augmenting their inventory, network management,
network security, and vulnerability detection by making them IoT aware and by gathering
device and network data from other sources to enrich its own inventory and capabilities.
IoT Security does this by leveraging Cortex XSOAR technology to integrate with third-party
systems. It uses either a cohosted, partially featured Cortex XSOAR instance (available
at no extra charge when you purchase an IoT Security Third-party Integrations Add-on
license) or a full-featured Cortex XSOAR server deployed either on premises or in the
cloud. There’s also a third option for integrating Cortex XSOAR with IoT Security
through its API. In short, there are three options:
- IoT Security with a cohosted, limited-featured Cortex XSOAR instance – This requires the purchase of an IoT Security Third-party Integrations Add-on license, which comes with an automatically generated, cloud-hosted Cortex XSOAR module at no extra charge.
- IoT Security with a full-featured Cortex XSOAR server – No add-on license required.The IoT Security FedRAMP Moderate solution must use a full-featured Cortex XSOAR server deployed on premises.
- Cortex XSOAR with access to the IoT Security API
IoT Security with a Cohosted Cortex XSOAR Instance
If you want to integrate IoT Security with third-party systems but do not have a Cortex XSOAR server, you can buy an IoT Security Third-party Add-on license.
After you activate it, IoT Security automatically generates a cohosted Cortex XSOAR instance with the functionality necessary to support IoT Security integrations. When IoT Security communicates with
third-party systems, it does so through the XSOAR instance, which connects with
other systems and runs various jobs such as importing device data into IoT Security or sending work orders for security alerts and vulnerabilities to
other systems for investigation and remediation.
More information about cohosted Cortex XSOAR instances is available
in Third-party Integrations Using Cohosted XSOAR.
IoT Security with a Full-featured Cortex XSOAR Server
If you already have a full-featured Cortex XSOAR server deployed on premises or in the
cloud, you can use that to integrate IoT Security with third-party systems
without needing to buy an add-on license and use a limited cloud-hosted Cortex XSOAR module. For the Cortex XSOAR server to support IoT Security third-party integrations, you must install an IoT Security
content pack and configure an integration instance on the XSOAR server. The content
pack provides XSOAR with all the third-party integration instance settings,
playbooks, and jobs that IoT Security requires, and the Palo Alto Networks IoT
3rd Party integration instance allows XSOAR to establish a permanent web socket
connection with the IoT Security application.
The Cortex XSOAR server continues to provide the same functionality it did before it was
set up to work with IoT Security. However, the IoT Security integrations
the XSOAR server supports are limited to those in the content pack you install. The
content pack has the same set of integrations that a cohosted XSOAR instance has
with one exception: you can modify the playbooks for IoT Security integrations
on an XSOAR server but not on a cohosted instance. To be precise, you can’t modify
the playbooks directly, but you can duplicate them, modify the duplicate playbooks,
and then use those on the server, which is something you can’t do in a cloud-hosted
instance.
When integrating IoT Security with third-party systems in a deployment
that must comply with FedRAMP Moderate, you must use a full on-premises
XSOAR server running a vendor-approved FIPS version that complies
with the FIPS 140-2 standard. This option supports all the same
IoT Security integrations as the cohosted version but is FIPS compliant
and does not require the purchase of a third-party integrations
add-on license.
The IoT Security portal (and this guide) refer to this as a full-featured Cortex XSOAR server,
which is a useful way to distinguish it from a cohosted Cortex XSOAR instance.
Nevertheless, the XSOAR server only needs to be deployed on premises to comply
with FedRAMP regulations. If your deployment doesn’t need to be FedRAMP
compliant, you can deploy the XSOAR server on premises or in the cloud. In
either case, the XSOAR server connects to IoT Security in the same way.
The setup of a full-featured XSOAR server to work with IoT Security is described in Third-party Integrations Using a Full-featured XSOAR Server.
Cortex XSOAR Using the IoT Security API
If you have a Cortex XSOAR instance and your goal is
to integrate it with IoT Security—for example, to run an automation
or playbook that downloads its inventory of IoT devices—see Palo Alto Networks IoT.
There you can learn the commands to create a direct IoT Security-to-Cortex
XSOAR integration. Note that this is different from the type of
integrations in which IoT Security leverages XSOAR to work with
third-party systems as described in this guide.