Integrate IoT Security with Aruba Central
Integrate IoT Security through Cortex XSOAR with Aruba Central.
Aruba Central manages wired and wireless networks in
distributed environments. By integrating through Cortex XSOAR with
Aruba Central, IoT Security can import information about the wired
and wireless devices in the Aruba Central infrastructure.
Because IoT Security and Aruba Central provide cloud-based and
on-premises options, the following combinations are possible:
IoT Security and Cortex XSOAR | Aruba Central |
|---|---|
IoT Security and a cloud-hosted XSOAR instance with one
or more on-premises XSOAR engines | One or more on-premises Aruba Central servers at multiple
sites |
IoT Security and a cloud-hosted XSOAR instance | Cloud-hosted Aruba Central |
IoT Security and an on-premises XSOAR server and, if the
network topology necessitates it, an XSOAR engine | On-premises Aruba Central server |
IoT Security and an on-premises XSOAR server | Cloud-hosted Aruba Central |
The following diagram illustrates the first option in the table
above.
IoT Security works with Cortex XSOAR to fetch the following information
from Aruba Central:
- Device MAC address, IP address, hostname, and serial number
- VLAN to which the device is assigned
- Connection type—wired or wireless
If it’s a wired device, IoT Security also fetches the following
information:
- Device type
- MAC address of the switch with which the device is connected
If it’s a wireless device, IoT Security fetches the following
additional information:
- IEEE 802.11 protocol, encryption method, authentication type, radio band (2.4 GHz or 5 GHz), channel, SSID, and signal-to-noise ratio (SNR) of the wireless association
When IoT Security receives information for devices that are already
in its inventory, it incorporates any additional information from
Aruba Central into the data it previously gathered from network
traffic and behavior analysis. With this information, IoT Security
can provide more granular endpoint reports and better detection
of misconfigurations and anomalies. Data that IoT Security already
has for a device hostname, VLAN, and network connection type (wired
or wireless) supersedes duplicate or conflicting data from Aruba
Central. For all other types of data, whatever is the most recent
takes precedence regardless of its source. For devices that aren’t
already in its inventory, IoT Security creates new entries with
the data that Aruba Central provides.
