Set up IoT Security and XSOAR for Cisco Prime Integration
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Set up IoT Security and XSOAR for Cisco Prime Integration
IoT Security
and XSOAR for Cisco Prime IntegrationSet up
IoT Security
and Cortex XSOAR
to integrate with
Cisco Prime Infrastructure.To set up
IoT Security
to integrate through
Cortex XSOAR
with Cisco Prime Infrastructure, you must add a Cortex XSOAR
engine to your network.You must also configure the
Cisco Prime integration instance in XSOAR. To do this, you need
the IP address of your Cisco Prime system and the username and password
of the NBI read-only user account that the XSOAR engine will use
when forming a secure connection with Prime.
Cortex XSOAR Engine Installation
Cortex XSOAR
Engine InstallationThe
Cortex XSOAR
engine initiates connections
to Cisco Prime Infrastructure and to the Cortex cloud and provides
the means through which they communicate with each other. Although
it's possible to install an XSOAR engine on machines running Windows,
macOS, and Linux operating systems, only an engine on a Linux machine
supports IoT Security
integrations. For more information about operating
system and hardware requirements, see the Cortex XSOAR
.We recommend downloading the XSOAR engine
using the shell installer script and installing it on a Linux machine.
This simplifies the deployment by automatically installing all required
dependencies and also enables remote engine upgrades.
When
placing the XSOAR engine on your network, make sure it can form
HTTPS connections to your Cisco Prime system on TCP port 443. The
XSOAR engine uses TCP 443 when authenticating with Cisco Prime and
requesting and receiving device data.
The on-premises firewall must allow the XSOAR engine to form HTTPS connections on TCP port 443 to
the Cortex cloud at https://<your-domain>.iot.demisto.live/. You can see the
URL of your XSOAR instance when you log in to the . It’s visible in the address bar of the web page displaying the
XSOAR interface.
IoT Security
portal and
click Integrations
Launch
Cortex XSOAR
To create an XSOAR engine, access the ). Click . Choose
Cortex XSOAR
interface (from the IoT Security
portal, click Integrations
Launch
Cortex XSOAR
Settings
Engines
Create New Engine
Shell
as the type. For installation instructions, see Install .
For
help troubleshooting
Cortex XSOAR
engines, including installations,
upgrades, connectivity, and permissions, see Troubleshoot and Troubleshoot Integrations Running
on Engines.Configure IoT Security and Cortex XSOAR
IoT Security
and Cortex XSOAR
- Log in toIoT Securityand from there access Cisco Prime settings inCortex XSOAR.
- Log in toIoT Securityand then clickIntegrations.
- IoT SecurityusesCortex XSOARto integrate with Cisco Prime, and the settings you must configure to integrate with Prime are in the XSOAR interface. To access these settings, clickLaunch.Cortex XSOARTheCortex XSOARinterface opens in a new browser window.
- ClickSettingsin the left navigation menu, search forcisco primeto locate it among other instances.
- Configure the Cisco Prime instance.
- ClickAdd instanceto open the settings panel.
- Enter the following and leave other settings at their default values:Name: Use the default name of the instance (Cisco Prime_instance_1) or enter a new one.Remember the instance name because you are going to use it again when creating jobs thatCortex XSOARwill run.Cisco Prime Server URL: Enter the Cisco Prime Server URL.Cisco Prime username: Enter the name of the NBI read-only user account you previously created in Cisco Prime.Password: Enter the password associated with the user account.Run on Single engine: Choose the XSOAR engine that you want to communicate with the Cisco Prime system.
- When finished, clickRun testorTest.If the test is successful, a Success message appears. If not, check that the settings were entered correctly and then test the configuration again.
- After the test succeeds, clickSave & exitto save your changes and close the settings panel.
- To enable Cisco Prime Integration Instance, clickEnable.
- Create a job for XSOAR to get a list of MAC addresses of active devices fromIoT Securityand then query Cisco Prime for details about the devices in the list.IoT Securityand XSOAR only request details from Prime if a device has a MAC address. If your network has static IP devices without MAC addresses, they will not be included.Copy the name of the instance you just created, navigate to Jobs, and then click New Job at the top of the page.In the New Job panel that appears, enter the following and leave the other settings at their default values:Recurring: Select this because you want to periodically poll Cisco Prime for device details.Every: Enter a number and set the interval value (Minutes, Hours, Days, or Weeks) and select the days on which to run the job. This determines how often XSOAR sends a list of MAC addresses of currently active devices fromIoT Securityto Cisco Prime and receives device details in response.As a general rule of thumb, this job takes about 15 minutes per 1000 devices to complete. Other factors that might affect the time required to complete a job are the Cisco DNA Center API processing speed and settings.Name: Enter a name for the job.Playbook: ChooseCisco Prime Clients.Integration Instance Name: Paste the instance name you copied a few moments ago.Playbook Poll Interval: Enter a number (the value, though unspecified, is minutes) defining the period of time during whichIoT Securitymust see device activity to include it in the list of currently active devices it provides to XSOAR. It’s common to use the same interval as the one above for running the recurring job.Site Names: By default, the XSOAR retrieves device data from all sites thatIoT Securitymanages. If there are multiple sites and you want to get device data from a subset of them or Cisco Prime is managing a subset of them, specify them by name here. Separate multiple names with commas. Use quotation marks around names with spaces. Because theCortex XSOARUI opens in a new browser window, you can return to the previous window with theIoT Securityportal and navigate toto view a list of site names.AdministrationSites and FirewallsSitesClickCreate new job.The job appears at the bottom of the Jobs list.
- Enable the job and run it.Check the Job Status for the job you created. If it’s Disabled, select its check box and then clickEnable.After you enable it, keep the check box selected and clickRun now. The Run Status changes from Idle to Running. In addition, running a job in XSOAR triggers the referenced integration instance to appear on the Integrations page in theIoT Securityportal.At the defined interval, XSOAR begins the job by first requesting an active device list fromIoT Securityand then using that list to query Cisco Prime for client details, which it forwards to theIoT Securitycloud.
- If you have multiple Prime instances, add more jobs as necessary.To add another, clickAdd instance, configure the settings as previously explained, and then click Done.You can configure multiple instances with different XSOAR engines retrieving device information from the same Cisco Prime server. However, a single engine cannot retrieve information from multiple servers.Run each job you create at least once to populate the Integrations page with all the integration instances you’re using in XSOAR.
- Return to theIoT Securityportal and check the status of the Cisco Prime integration.An integration instance can be in one of the following four states, whichIoT Securitydisplays in the Status column on the Integrations page:
- Disabledmeans that either the integration was configured but intentionally disabled or it was never configured and a job that references it is enabled and running.
- Errormeans that the integration was configured and enabled but is not functioning properly, possibly due to a configuration error or network condition.
- Inactivemeans that the integration was configured and enabled but no job has run for at least the past 60 minutes.
- Activemeans that the integration was configured and enabled and is functioning properly.
When you see that the status of an integration instance isActive, its setup is complete. At the defined interval, XSOAR begins the job by first requesting an active device list fromIoT Securityand then using that list to query Cisco Prime for client details, which it forwards to theIoT Securitycloud.