Integrate IoT Security with Network Switches for SNMP Discovery
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Microsoft Defender XDR
- Set up Microsoft Defender XDR for Integration
- Set up IoT Security and Cortex XSOAR for Microsoft Defender XDR Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba AirWave
- Set up Aruba AirWave for Integration
- Set up IoT Security and Cortex XSOAR for Aruba AirWave Integration
- View Device Location Information
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Integrate IoT Security with Network Switches for SNMP Discovery
IoT Security and Cortex XSOAR use SNMP to learn device
details from network switches.
IoT Security can work through Cortex XSOAR
and an on-premises XSOAR engine to retrieve information from switches
about the devices connected to them. To do this, XSOAR uses SNMP.
The engine begins by establishing trust with an entry switch—usually
at the edge or aggregation layer—by sending it an SNMP community
string for read-only access. After this, the engine queries the
switch for information about the devices connected to it; specifically,
it learns the switch name and IP address, device MAC address and
IP address, and (for Cisco Catalyst switches) the name of the physical
port on the switch to which a device connects. The XSOAR engine
also queries the entry switch for the IP addresses of neighboring
switches on the network. It collects device information from them
next and also gets a list of their neighboring switches as well.
XSOAR continues collecting device information and learning about
other switches until it has queried them all.
After collecting
information through SNMP, IoT Security adds newly discovered details
about existing devices in its inventory and also adds newly discovered
devices to its inventory. When IoT Security learns of a new device
through SNMP, it displays Discovered via snmp in
the Source column for it on the Devices page.
You
can also filter the inventory to display only those devices learned
through SNMP. Click the Filter icon (
) above the inventory table, choose Source
and SNMP, optionally click the Save changes icon
(
) if you want to save
the filter for future use, and then Apply.
IoT Security
then displays only devices that match the filter; that is, devices
discovered through SNMP.
To
retrieve this information, the XSOAR engine does an SNMP walk for
the following object identifiers (OIDs):
OID | Comment |
---|---|
1.3.6.1.2.1.1.5 | This OID gets the switch name. |
1.3.6.1.2.1.4.22.1.2 | This gets the ARP table on the switch, which contains device MAC address/IP address pairs. |
1.3.6.1.2.1.17.4.3.1.2, 1.3.6.1.2.1.17.1.4.1.2, 1.3.6.1.2.1.31.1.1.1.1 | These three OIDs combine together to get device MAC address/physical port on the switch pairs. (Only Cisco Catalyst switches return this information.) |
1.3.6.1.4.1.9.9.23.1.2.1.1.4, 1.0.8802.1.1.2.1.4.2.1 | These OIDs provide the IP addresses of neighboring switches learned through Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP). |
Make sure the switches on your network allow read-only
access from the Cortex engine to these OIDs.
When you
look at the Device Details page for a device learned through SNMP,
you’ll only see fields for which IoT Security has data. If a switch
provides partial data for a device, then IoT Security shows the
data it received and hides the fields for which it wasn't sent anything.
Cortex
XSOAR runs a recurring job to query switches. Running the job on
a daily basis is recommended although you can set the interval between
jobs to occur more or less frequently as you want.
SNMP
v2c and v3 are supported.
Using SNMP to collect information from network switches requires either a full-featured Cortex XSOAR server
or the purchase and activation of an IoT Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic
plan includes a license for three integration add-ons, one of which can be used for
SNMP discovery. The advanced plan includes a license for all supported third-party
integrations.