Integrate IoT Security with Aruba Central
Table of Contents
Integrate IoT Security with Aruba Central
Integrate IoT Security through Cortex XSOAR with Aruba Central.
Aruba Central manages wired and wireless networks in
distributed environments. By integrating through Cortex XSOAR with
Aruba Central, IoT Security can import information about the wired
and wireless devices in the Aruba Central infrastructure.
Because IoT Security and Aruba Central provide cloud-based and
on-premises options, the following combinations are possible:
| IoT Security and Cortex XSOAR | Aruba Central |
|---|---|
| IoT Security and a cohosted XSOAR instance or a cloud-hosted full-featured XSOAR server with one or more on-premises XSOAR engines | One or more on-premises Aruba Central servers at multiple sites |
| IoT Security and a cohosted XSOAR instance or a cloud-hosted full-featured XSOAR server | Cloud-hosted Aruba Central |
| IoT Security and an on-premises XSOAR server and, if the network topology necessitates it, an XSOAR engine | On-premises Aruba Central server |
| IoT Security and an on-premises XSOAR server | Cloud-hosted Aruba Central |
The following diagram illustrates the first option in the table
above.
IoT Security works with Cortex XSOAR to fetch the following information from Aruba Central about
devices accessing the network:
- Device MAC address, IP address, hostname, and serial number
- VLAN to which the device is assigned
- Connection type—wired or wireless
- If it’s a wired device, IoT Security fetches the MAC address of the switch with which the device is connected.
- If it’s a wireless device, IoT Security fetches the IEEE 802.11 protocol, encryption method, authentication type, radio band (2.4 GHz or 5 GHz), channel, SSID, signal-to-noise ratio (SNR) of the wireless association, and name of the access point with which the device is associated.
IoT Security and Cortex XSOAR also fetch the following information from Aruba Central
about switches on the network:
- Switch MAC address, IP address, and hostname
- Switch type, model, and firmware version
- Site
When IoT Security receives information for devices that are already
in its inventory, it incorporates any additional information from
Aruba Central into the data it previously gathered from network
traffic and behavior analysis. With this information, IoT Security
can provide more granular endpoint reports and better detection
of misconfigurations and anomalies. Data that IoT Security already
has for a device hostname, VLAN, and network connection type (wired
or wireless) supersedes duplicate or conflicting data from Aruba
Central. For all other types of data, whatever is the most recent
takes precedence regardless of its source. For devices that aren’t
already in its inventory, IoT Security creates new entries with
the data that Aruba Central provides.
Integrating with Aruba Central requires either a full-featured Cortex XSOAR server or the purchase
and activation of an IoT Security
third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan
includes a license for three integration add-ons, one of which can be used for Aruba
Central. The advanced plan includes a license for all supported third-party
integrations.