Integrate IoT Security with Cisco WLAN Controllers

Integrate IoT Security through Cortex XSOAR with Cisco WLAN controllers.
When you integrate IoT Security with Cisco WLAN controllers, Cortex XSOAR uses XSOAR engines to gather data from WLAN controllers about wireless access points and their clients. The data is then shown on the Devices page and Device Details pages in the IoT Security portal.
An XSOAR engine makes SSH connections to one or more Cisco controllers and queries them for access point and client data. The engine then relays the data over HTTPS to Cortex XSOAR, which forwards it to the IoT Security cloud where an IoT Security administrator can view it in the IoT Security portal. You can see the following types of data that Cisco WLAN controllers collect for wireless clients on the Devices and Device Details pages in the IoT Security portal.
Data collected for IEEE 802.11 wireless clients (Wi-Fi clients):
  • Access point with which the wireless client is currently associated and the length of its connection
  • SSID through which the client is associated with the access point
  • SNR (signal-to-noise ratio)
  • RSSI (radio signal strength indicator)
  • Radio band (2.4 GHz or 5 GHz)
  • IEEE standard (802.11a/b/g/n/ac/ax)
  • Encryption ciphers like CCMP-128 (AES) that the Cisco WLAN controller returns
  • Authentication details (WPA2 PSK, WPA 802.1X, WPA, WEP, open)
Data collected for Bluetooth clients and Bluetooth Low Energy (BLE) clients:
  • IP address, MAC address, model, and name of the access point with which the Bluetooth or BLE client is currently associated
  • MAC address of the Bluetooth or BLE device
  • Bluetooth type (Bluetooth or BLE)
  • Frequency (2.4 GHz)
  • Channel
  • Duration of the current connection
The Device Details page only shows fields for which it has data. If a Cisco WLAN controller provides partial data for a Wi-Fi, Bluetooth, or BLE device, then IoT Security shows the data it received and hides the fields for which it wasn't sent anything.
For Cisco WLAN controllers to discover Bluetooth and BLE devices while checking for wireless interference, CleanAir must be enabled on the controllers. (CleanAir is a feature for detecting wireless interference and is available in release 8.1 and later.) For Cisco WLAN controllers to receive beacons from BLE devices, they must be running release 8.7 or later and have scan mode enabled.
If IoT Security learns about a device from both Cisco Prime and a controller, the latest data from either one takes precedence and overrides previous values if different.
If two controllers provide data about the same wireless client—perhaps because it roamed between access points managed by different controllers—the most recent data will be shown.
Integrating with Cisco WLAN controllers requires the purchase and activation of a third-party integration add-on. The basic integration plan includes a license for three integration add-ons, one of which can be used for this. The advanced plan includes a license for all supported third-party integrations.

Recommended For You