Integrate IoT Security with Aruba Central

Integrate IoT Security through Cortex XSOAR with Aruba Central.
Aruba Central manages wired and wireless networks in distributed environments. By integrating through Cortex XSOAR with Aruba Central, IoT Security can import information about the wired and wireless devices in the Aruba Central infrastructure.
Because IoT Security and Aruba Central provide cloud-based and on-premises options, the following combinations are possible:
IoT Security and Cortex XSOAR
Aruba Central
IoT Security and a cloud-hosted XSOAR instance with one or more on-premises XSOAR engines
One or more on-premises Aruba Central servers at multiple sites
IoT Security and a cloud-hosted XSOAR instance
Cloud-hosted Aruba Central
IoT Security and an on-premises XSOAR server and, if the network topology necessitates it, an XSOAR engine
On-premises Aruba Central server
IoT Security and an on-premises XSOAR server
Cloud-hosted Aruba Central
The following diagram illustrates the first option in the table above.
IoT Security works with Cortex XSOAR to fetch the following information from Aruba Central:
  • Device MAC address, IP address, hostname, and serial number
  • VLAN to which the device is assigned
  • Connection type—wired or wireless
If it’s a wired device, IoT Security also fetches the following information:
  • Device type
  • MAC address of the switch with which the device is connected
If it’s a wireless device, IoT Security fetches the following additional information:
  • IEEE 802.11 protocol, encryption method, authentication type, radio band (2.4 GHz or 5 GHz), channel, SSID, and signal-to-noise ratio (SNR) of the wireless association
When IoT Security receives information for devices that are already in its inventory, it incorporates any additional information from Aruba Central into the data it previously gathered from network traffic and behavior analysis. With this information, IoT Security can provide more granular endpoint reports and better detection of misconfigurations and anomalies. Data that IoT Security already has for a device hostname, VLAN, and network connection type (wired or wireless) supersedes duplicate or conflicting data from Aruba Central. For all other types of data, whatever is the most recent takes precedence regardless of its source. For devices that aren’t already in its inventory, IoT Security creates new entries with the data that Aruba Central provides.

Recommended For You