Use IoT Security integration with Aruba ClearPass to
quarantine devices of concern.
If you want to quarantine a device because
you saw an alert that concerns you, use the quarantine option on
page. You can also do this in the
Action menu in the Alerts section on a Device Details page.
Select an alert on
in the IoT
Quarantine via Aruba ClearPass
Add a comment.
After you enter a comment, the Send button changes from
gray to blue, indicating that you can proceed.
IoT Security sends a command through Cortex XSOAR to all
configured Aruba ClearPass instances to assign the device to a quarantine
VLAN. The instance or instances that have an endpoint with a matching
MAC address apply the quarantine. The device remains in quarantine
while you investigate the cause of the alert. Once it’s resolved,
you can then use the Release via Aruba
After you click
a link appears. When you click it, a new browser window opens to
the XSOAR playbook for this action.
that the quarantine command was sent, click the link to the XSOAR playbook for
For the link in IoT Security to open the
corresponding playbook in Cortex XSOAR, you must already be logged
in to your XSOAR instance before clicking it.
boxes in the playbook indicate that a particular step was successfully
performed. Following the path through the playbook gives you feedback
about whether an action was carried out successfully or, if not,
where the process changed course.