Third-party Integrations Using Cohosted XSOAR

Use a cohosted Cortex XSOAR instance for IoT Security integration with third-party solutions.
When you buy and activate an IoT Security Third-party Integrations Add-on license, a cloud-hosted, purpose-built instance of XSOAR is generated exclusively for your IoT Security tenant at no extra charge. It enables IoT Security to integrate with both cloud-based third-party systems and—by means of an on-site XSOAR engine—with third-party systems deployed on premises.
An IoT Security Third-party Integrations Add-on does not require the purchase of a full Cortex XSOAR product. After you enable the add-on, IoT Security automatically generates a cloud-hosted XSOAR instance with limited functionality (in contrast to a full Cortex XSOAR product) to assist IoT Security with the integrations it supports.
After you activate the add-on during the onboarding process, a limited, cloud-hosted Cortex XSOAR instance is generated exclusively to support third-party integrations included in the add-on. There is no extra charge for this dedicated XSOAR instance, which supports integrations with the following third-party systems:
When integrating IoT Security with one of the third-party systems, you’ll use the interface of the dedicated XSOAR instance to configure this side of the integration and the user interface of the remote system to configure the other side. The XSOAR interface has been scaled down to just those features and settings essential for IoT Security to integrate with these other systems. To access the XSOAR interface, log in to the IoT Security portal, open the Integrations page, and then click
Launch Cortex XSOAR
. Due to the automatic authentication mechanism that occurs between IoT Security and XSOAR when you click this link, it’s the only way to access the interface of your XSOAR instance.
If you do not see all available third-party integrations in the Cortex XSOAR interface, it's possible that your XSOAR instance hasn't been updated with the latest content pack. Content packs include code changes to the jobs and playbooks of existing integrations as well as additional new third-party integrations. To get the latest XSOAR content pack, log in to your Customer Support Portal account and create a case with your request.
Some integrations such as ServiceNow, Nuvolo, and Qualys occur completely in the cloud, from the IoT Security cloud through Cortex XSOAR to the third-party cloud. Others such as Cisco ISE, SIEM, and Aruba ClearPass occur both in the cloud and on premises. The IoT Security cloud sends data to Cortex XSOAR, which forwards it to an XSOAR engine installed on a VM on premises. The XSOAR engine then forwards the data across the network to a third-party server that’s also on premises.
After purchasing and activating an IoT Security Third-party Integrations Add-on license and configuring certain integration instances, various settings become available for use in the IoT Security portal. For example, options to quarantine a device and release a previously quarantined device only appear after you configure an integration instance that supports such actions.

Recommended For You