New Features - Device Security - February 2026

( February 2026 ) The Device Security Device Search API now returns a site name, instead of a site ID, for a device search. Additionally, the API also returns the results sorted by the Last Activity attribute, in descending order.

( September 2025 ) You can find devices and multi-interface devices when querying for devices using the Device Security API. Use the Device Search API to find (multi-interface) devices in your assets inventory when searching by IP address or MAC address. This API can only be used with Device Security in Strata Cloud Manager, and it isn't supported by the legacy IoT Security portal.

( February 2026 ) When configuring a Cisco Meraki integration instance with Device Security, you can specify Service Set Identifiers (SSID) to include or exclude from the scope of the data ingestion. If an SSID appears in both the include and exclude lists, causing a conflict, then the exclusion takes priority. Configure SSID filtering to prioritize which SSIDs you want to actively monitor through the Cisco Meraki integration.

( December 2025 enhancement ) Device Security can now learn network details when integrating with Cisco Meraki. The network details include information about subnets, VLANs, static IP addresses, and DHCP leases. Device Security and Cortex XSOAR use a new playbook, Import Cisco Meraki Networks to Device Security, to get the network information. The Cisco Meraki integration instance in Cortex XSOAR also includes a new field, Networks, to specify which networks to learn network information for. To pull the network information from your Cisco Meraki solution to Device Security, update your Cisco Meraki integration instance and configure a new Cortex XSOAR job with the new playbook.

Device Security integrates with Cisco Meraki Cloud through Cortex XSOAR to enrich your asset inventory with detailed data about devices accessing your network through Cisco switches and wireless access points. This integration enables you to import device attributes, such as MAC and IP addresses, VLANs, and OS details, directly into Device Security . For wired clients, you gain visibility into the connecting switch, while wireless client data includes the associated access point. Use this feature to correlate network-layer data with traffic logs from next-generation firewalls. This integratio helps you maintain visibility of both online and recently offline devices, so you can base your security policy decisions on the most current context available.

Relying on the standard API connections for Cortex XDR® often limits the depth of endpoint data you can retrieve, creating visibility gaps that complicate asset management and vulnerability prioritization.

Palo Alto Networks® Device Security now addresses this limitation by using XQL queries to ingest comprehensive endpoint telemetry from your Cortex XDR® environment. The Device Security integration with Cortex XDR through Cortex XSOAR enhances standard public API capabilities by collecting detailed software inventories (SBOM), operating system patch data, and vulnerability (CVE) information. This provides a more complete view of your network endpoints and helps you prioritize vulnerabilities more effectively.

By enriching your asset profiles with extensive OS details and additional vulnerability and patch data, you gain a more accurate understanding of your network endpoints. This enhanced visibility helps you track software vulnerabilities and streamline your remediation efforts using detailed, correlated data.