Third-party Integrations Using Cohosted XSOAR
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Microsoft Defender XDR
- Set up Microsoft Defender XDR for Integration
- Set up IoT Security and Cortex XSOAR for Microsoft Defender XDR Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba AirWave
- Set up Aruba AirWave for Integration
- Set up IoT Security and Cortex XSOAR for Aruba AirWave Integration
- View Device Location Information
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Third-party Integrations Using Cohosted XSOAR
Use a cohosted Cortex XSOAR instance for IoT Security
integration with third-party solutions.
When you buy and activate an
IoT Security Third-party Integrations Add-on license, a cloud-hosted,
purpose-built instance of XSOAR is generated exclusively for your
IoT Security tenant at no extra charge. It enables IoT Security
to integrate with both cloud-based third-party systems and—by means
of an on-site XSOAR engine—with third-party systems deployed on
premises. (For XSOAR engine installation instructions, refer to
the “Cortex XSOAR Engine Installation” section for the third-party
product being integrated with IoT Security.)
An IoT Security Third-party Integrations Add-on does not
require the purchase of a full Cortex XSOAR product. After you enable the
add-on, IoT Security automatically generates a cloud-hosted XSOAR
instance with limited functionality (in contrast to a full Cortex
XSOAR product) to assist IoT Security with the integrations it supports.
After you activate the add-on during the onboarding process,
a limited, cloud-hosted Cortex XSOAR instance is generated exclusively
to support third-party integrations included in the add-on. There
is no extra charge for this dedicated XSOAR instance, which supports
integrations with the following third-party systems:
- Asset Discovery
- Asset Management
- AIMS
- Jamf Pro
- Microsoft SCCM
- Nuvolo
- RENOVOLive
- ServiceNow
- SoftPro Medusa
- Endpoint Protection
- Network Management
- Identity and Access Management
- Microsoft Entra ID
- IP Address Management
- Wireless Network Controllers
- Security Information and Event Management
- Network Access Control
- Aruba ClearPass
- Cisco ISE
- Cisco ISE pxGrid
- Extreme Networks ExtremeCloud IQ
- Forescout
- Vulnerability Scanning
When integrating IoT Security with one of the third-party systems, you’ll use the interface
of the dedicated XSOAR instance to configure this side of the integration and the user
interface of the remote system to configure the other side. The XSOAR interface has been
scaled down to just those features and settings essential for IoT Security to
integrate with these other systems. To access the XSOAR interface, log in to the IoT Security portal, open the Integrations page, and then click Launch
Cortex XSOAR. Due to the automatic authentication
mechanism that occurs between IoT Security and XSOAR when you click this link,
it’s the only way to access the interface of your XSOAR instance.
If you do not see all available third-party integrations
in the Cortex XSOAR interface, it's possible that your XSOAR instance hasn't
been updated with the latest content pack. Content packs include
code changes to the jobs and playbooks of existing integrations
as well as additional new third-party integrations. To get the latest
XSOAR content pack, log in to your Customer Support Portal account
and create a case with your request.
Some integrations such as ServiceNow, Nuvolo, and Qualys occur completely in the cloud, from the
IoT Security cloud through Cortex XSOAR to the third-party cloud. Others such as Cisco
ISE, SIEM, and Aruba ClearPass occur both in the cloud and on premises. The IoT Security
cloud sends data to Cortex XSOAR, which forwards it to an XSOAR engine installed on a VM on premises.
The XSOAR engine then forwards the data across the network to a third-party server
that’s also on premises. The following shows which integrations require an on-premises
XSOAR engine when IoT Security is communicating through a cohosted XSOAR instance:
Asset Management Integrations | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
AIMS | No (cloud-hosted AIMS instance), Yes (on-premises AIMS system) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 (default) to an on-premises AIMS system |
Microsoft SCCM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and TCP 1433 (default) to an on-premises SCCM SQL system |
Nuvolo | No | — |
ServiceNow | No | — |
Endpoint Protection | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Cortex XDR | No | — |
CrowdStrike | No | — |
Microsoft Defender XDR | No | — |
Tanium | No (cloud-hosted Tanium), Yes (one or more on-premises Tanium servers) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Tanium API |
Network Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Aruba AirWave | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ |
Aruba Central | No (cloud-hosted Aruba Central), Yes (one or more on-premises Aruba Central servers) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSH on TCP 22 to an on-premises Aruba Central server |
Cisco DNA Center | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Cisco DNA Center API |
Cisco Meraki Cloud | No | — |
Cisco Prime Infrastructure | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 to your on-premises Cisco Prime instance |
SNMP Discovery | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SNMP on UDP 161 to local network switches |
Network Discovery | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SNMP on UDP 161 to local network switches |
IP Address Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
BlueCat IPAM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTP or HTTPS on TCP 80 or TCP 443 to your on-premises BlueCat Address Manager |
Infoblox IPAM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and to your on-premises Infoblox Grid Master API |
Wireless Network Controllers | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Aruba WLAN Controllers | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 4343 (default) to the API of on-premises Aruba WLAN controllers |
Cisco WLAN Controllers | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSH on TCP 22 (default) to on-premises Cisco WLAN controllers |
Security Information and Event Management | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
SIEM | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and syslog event messages on UDP 514 (default) to your SIEM server |
Network Access Control | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Aruba ClearPass | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and to the on-premises Aruba ClearPass system |
Cisco ISE | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 and 9060 to your on-premises Cisco ISE system |
Cisco ISE pxGrid | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and SSL on TCP 8910 (default) to your on-premises Cisco pxGrid controller/ISE system |
Forescout | Yes | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/ and HTTPS on TCP 443 (default) to your on-premises Forescout system |
Vulnerability Scanning | Requires an XSOAR Engine on Premises | XSOAR Engine Communications |
---|---|---|
Qualys | No | — |
Rapid7 | No (cloud-hosted Rapid7 system), Yes (on-premises Rapid7 system) | HTTPS on TCP 443 to https://<your-domain>.iot.demisto.live/, HTTPS on TCP 3780 (default) to your on-premises Rapid7 UI, and HTTPS on TCP 8080 and 443 (default) to your on-premises Rapid7 API |
Tenable (Tenable.io) | No | — |
After you set up IoT Security to work with a full-featured or
cohosted XSOAR instance and configure some integration instances in XSOAR, various
settings become available for use in the IoT Security portal. For
example, options to quarantine a device and release a previously quarantined device only
appear after you configure an integration instance that supports such actions.