|
1 | 1 | ---
|
2 | 2 | title: Integrations with partner services - Microsoft Defender for IoT
|
3 | 3 | description: Learn about supported integrations with Microsoft Defender for IoT.
|
4 |
| -ms.date: 06/21/2022 |
| 4 | +ms.date: 08/02/2022 |
5 | 5 | ms.topic: overview
|
6 | 6 | ---
|
7 | 7 |
|
8 |
| -# Integrations with partner services |
| 8 | +# Integrations with Microsoft and partner services |
9 | 9 |
|
10 | 10 | Integrate Microsoft Defender for Iot with partner services to view partner data in Defender for IoT, or to view Defender for IoT data in a partner service.
|
11 | 11 |
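Review bot: The intro sentence on line 10 was not updated along with the H1 on line 8. The heading now reads "Integrations with Microsoft and partner services", but the sentence still says "Integrate Microsoft Defender for Iot with partner services", which leaves out the Microsoft Defender for Endpoint and Microsoft Sentinel sections added further down. Suggest rewording it to cover both Microsoft and partner services, and fixing the capitalization of "Iot" to "IoT" in the same edit.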
|
12 |
| -## Supported integrations |
13 |
| - |
14 |
| -The following table lists available integrations for Microsoft Defender for IoT, as well as links for specific configuration information. |
15 |
| - |
16 |
| - |
17 |
| -|Partner service |Description | Learn more | |
18 |
| -|---------|---------|---------| |
19 |
| -| **ArcSight** | Forward Defender for IoT alerts to ArcSight. | [Integrate ArcSight with Microsoft Defender for IoT](integrations/arcsight.md) | |
20 |
| -|**Aruba ClearPass** | Share Defender for IoT data with ClearPass Security Exchange and update the ClearPass Policy Manager Endpoint Database with Defender for IoT data. | [Integrate ClearPass with Microsoft Defender for IoT](tutorial-clearpass.md) | |
21 |
| -|**CyberArk** | Send CyberArk PSM syslog data on remote sessions and verification failures to Defender for IoT for data correlation. | [Integrate CyberArk with Microsoft Defender for IoT](tutorial-cyberark.md) | |
22 |
| -|**Forescout** | Automate actions in Forescout based on activity detected by Defender for IoT, and correlate Defender for IoT data with other *Forescout eyeExtended* modules that oversee monitoring, incident management, and device control. | [Integrate Forescout with Microsoft Defender for IoT](tutorial-forescout.md) | |
23 |
| -|**Fortinet** | Send Defender for IoT data to Fortinet services for: <br><br>- Enhanced network visibility in FortiSIEM<br>- Extra abilities in FortiGate to stop anomalous behavior | [Integrate Fortinet with Microsoft Defender for IoT](tutorial-fortinet.md) | |
24 |
| -| **LogRhythm** | Forward Defender for IoT alerts to LogRhythm. | [Integrate LogRhythm with Microsoft Defender for IoT](integrations/logrhythm.md) | |
25 |
| -| **RSA NetWitness** | Forward Defender for IoT alerts to RSA NetWitness | [Integrate RSA NetWitness with Microsoft Defender for IoT](integrations/netwitness.md) <br>[CyberX Platform - RSA NetWitness CEF Parser Implementation Guide](https://community.netwitness.com//t5/netwitness-platform-integrations/cyberx-platform-rsa-netwitness-cef-parser-implementation-guide/ta-p/554364) | |
26 |
| -|**Palo Alto** |Use Defender for IoT data to block critical threats with Palo Alto firewalls, either with automatic blocking or with blocking recommendations. | [Integrate Palo-Alto with Microsoft Defender for IoT](tutorial-palo-alto.md) | |
27 |
| -|**QRadar** |Forward Defender for IoT alerts to IBM QRadar. | [Integrate Qradar with Microsoft Defender for IoT](tutorial-qradar.md) | |
28 |
| -|**ServiceNow** | View Defender for IoT device detections, attributes, and connections in ServiceNow. | [Integrate ServiceNow with Microsoft Defender for IoT](tutorial-servicenow.md) | |
29 |
| -| **Splunk** | Send Defender for IoT alerts to Splunk | [Integrate Splunk with Microsoft Defender for IoT](tutorial-splunk.md) | |
30 |
| -|**Axonius Cybersecurity Asset Management** | Import and manage device inventory discovered by Defender for IoT in your Axonius instance. | [Axonius documentation](https://docs.axonius.com/docs/azure-defender-for-iot) | |
31 |
| -|**Skybox** | Import vulnerability occurrence data discovered by Defender for IoT in your Skybox platform. | [Skybox documentation](https://docs.skyboxsecurity.com) <br><br> [Skybox integration page](https://www.skyboxsecurity.com/products/integrations) | |
| 12 | +## Aruba ClearPass |
| 13 | + |
| 14 | + |
| 15 | +|Name |Description |Support scope |Supported by |Learn more | |
| 16 | +|---------|---------|---------|---------|---------| |
| 17 | +|**Aruba ClearPass** | Share Defender for IoT data with ClearPass Security Exchange and update the ClearPass Policy Manager Endpoint Database with Defender for IoT data. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate ClearPass with Microsoft Defender for IoT](tutorial-clearpass.md) | |
| 18 | + |
| 19 | +## Axonius |
| 20 | + |
| 21 | + |
| 22 | +|Name |Description |Support scope |Supported by |Learn more | |
| 23 | +|---------|---------|---------|---------|---------| |
| 24 | +|**Axonius Cybersecurity Asset Management** | Import and manage device inventory discovered by Defender for IoT in your Axonius instance. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Axonius | [Axonius documentation](https://docs.axonius.com/docs/azure-defender-for-iot) | |
| 25 | + |
| 26 | +## CyberArk PSM |
| 27 | + |
| 28 | +|Name |Description |Support scope |Supported by |Learn more | |
| 29 | +|---------|---------|---------|---------|---------| |
| 30 | +|**CyberArk Privileged Session Manager (PSM)** | Send CyberArk PSM syslog data on remote sessions and verification failures to Defender for IoT for data correlation. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate CyberArk with Microsoft Defender for IoT](tutorial-cyberark.md) | |
| 31 | + |
| 32 | +## Forescout |
| 33 | + |
| 34 | +|Name |Description |Support scope |Supported by |Learn more | |
| 35 | +|---------|---------|---------|---------|---------| |
| 36 | +|**Forescout** | Automate actions in Forescout based on activity detected by Defender for IoT, and correlate Defender for IoT data with other *Forescout eyeExtended* modules that oversee monitoring, incident management, and device control. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate Forescout with Microsoft Defender for IoT](tutorial-forescout.md) | |
| 37 | + |
| 38 | +## Fortinet |
| 39 | + |
| 40 | +|Name |Description |Support scope |Supported by |Learn more | |
| 41 | +|---------|---------|---------|---------|---------| |
| 42 | +|**Fortinet FortiSIEM and FortiGate** | Send Defender for IoT data to Fortinet services for: <br><br>- Enhanced network visibility in FortiSIEM<br>- Extra abilities in FortiGate to stop anomalous behavior | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate Fortinet with Microsoft Defender for IoT](tutorial-fortinet.md) | |
| 43 | + |
| 44 | +## IBM QRadar |
| 45 | + |
| 46 | +|Name |Description |Support scope |Supported by |Learn more | |
| 47 | +|---------|---------|---------|---------|---------| |
| 48 | +| **IBM QRadar** | Send Defender for IoT alerts to IBM QRadar | - OT networks <br>- Cloud connected sensors | Microsoft | [Stream Microsoft Defender for IoT alerts to a 3rd party SIEM](https://techcommunity.microsoft.com/t5/microsoft-defender-for-iot-blog/stream-microsoft-defender-for-iot-alerts-to-a-3rd-party-siem/ba-p/3581242) | |
| 49 | +|**IBM QRadar** | Forward Defender for IoT alerts to IBM QRadar. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate Qradar with Microsoft Defender for IoT](tutorial-qradar.md) | |
| 50 | + |
| 51 | +## LogRhythm |
| 52 | + |
| 53 | +|Name |Description |Support scope |Supported by |Learn more | |
| 54 | +|---------|---------|---------|---------|---------| |
| 55 | +|**LogRhythm** | Forward Defender for IoT alerts to LogRhythm. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate LogRhythm with Microsoft Defender for IoT](integrations/logrhythm.md) | |
| 56 | + |
| 57 | +## Micro Focus ArcSight |
| 58 | + |
| 59 | +|Name |Description |Support scope |Supported by |Learn more | |
| 60 | +|---------|---------|---------|---------|---------| |
| 61 | +|**Micro Focus ArcSight** | Forward Defender for IoT alerts to ArcSight. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate ArcSight with Microsoft Defender for IoT](integrations/arcsight.md) | |
| 62 | + |
| 63 | +## Microsoft Defender for Endpoint |
| 64 | + |
| 65 | +|Name |Description |Support scope |Supported by |Learn more | |
| 66 | +|---------|---------|---------|---------|---------| |
| 67 | +|**Microsoft Defender for Endpoint** | Integrates Defender for IoT data in Defender for Endpoint's device inventory, alerts, recommendations, and vulnerabilities. Displays device data about Defender for Endpoint endpoints in the Defender for IoT **Device inventory** page on the Azure portal. | - Enterprise IoT networks and sensors | Microsoft | [Onboard with Microsoft Defender for IoT](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration) | |
| 68 | + |
| 69 | +## Microsoft Sentinel |
| 70 | + |
| 71 | +|Name |Description |Support scope |Supported by |Learn more | |
| 72 | +|---------|---------|---------|---------|---------| |
| 73 | +|**Defender for IoT data connector** | Displays Defender for IoT data in Microsoft Sentinel, supporting end-to-end SOC investigations for Defender for IoT alerts. | - OT and Enterprise IoT networks <br>- Cloud-connected sensors | Microsoft | [Integrate Microsoft Sentinel and Microsoft Defender for IoT](/azure/sentinel/iot-solution?tabs=use-out-of-the-box-analytics-rules-recommended) | |
| 74 | + |
| 75 | + |
| 76 | +## Palo Alto |
| 77 | + |
| 78 | +|Name |Description |Support scope |Supported by |Learn more | |
| 79 | +|---------|---------|---------|---------|---------| |
| 80 | +|**Palo Alto** | Use Defender for IoT data to block critical threats with Palo Alto firewalls, either with automatic blocking or with blocking recommendations. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate Palo-Alto with Microsoft Defender for IoT](tutorial-palo-alto.md) | |
| 81 | + |
| 82 | + |
| 83 | +## RSA NetWitness |
| 84 | + |
| 85 | +|Name |Description |Support scope |Supported by |Learn more | |
| 86 | +|---------|---------|---------|---------|---------| |
| 87 | +|**RSA NetWitness** | Forward Defender for IoT alerts to RSA NetWitness | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate RSA NetWitness with Microsoft Defender for IoT](integrations/netwitness.md) <br><br>[Defender for IoT - RSA NetWitness CEF Parser Implementation Guide](https://community.netwitness.com//t5/netwitness-platform-integrations/cyberx-platform-rsa-netwitness-cef-parser-implementation-guide/ta-p/554364) | |
| 88 | + |
| 89 | +## ServiceNow |
| 90 | + |
| 91 | +|Name |Description |Support scope |Supported by |Learn more | |
| 92 | +|---------|---------|---------|---------|---------| |
| 93 | +| **Vulnerability Response Integration with Microsoft Azure Defender for IoT** | View Defender for IoT device vulnerabilities in ServiceNow. | - OT networks<br>- Locally managed sensors and on-premises management consoles | ServiceNow | [ServiceNow store](https://store.servicenow.com/sn_appstore_store.do#!/store/application/463a7907c3313010985a1b2d3640dd7e/1.0.1?referer=%2Fstore%2Fsearch%3Flistingtype%3Dallintegrations%25253Bancillary_app%25253Bcertified_apps%25253Bcontent%25253Bindustry_solution%25253Boem%25253Butility%25253Btemplate%26q%3Ddefender%2520for%2520iot&sl=sh) | |
| 94 | +| **Service Graph Connector Integration with Microsoft Azure Defender for IoT** | View Defender for IoT device detections, sensors, and network connections in ServiceNow. | - OT networks<br>- Locally managed sensors and on-premises management consoles | ServiceNow | [ServiceNow store](https://store.servicenow.com/sn_appstore_store.do#!/store/application/ddd4bf1b53f130104b5cddeeff7b1229/1.0.0?referer=%2Fstore%2Fsearch%3Flistingtype%3Dallintegrations%25253Bancillary_app%25253Bcertified_apps%25253Bcontent%25253Bindustry_solution%25253Boem%25253Butility%25253Btemplate%26q%3Ddefender%2520for%2520iot&sl=sh) | |
| 95 | +| **Microsoft Defender for IoT** (Legacy) | View Defender for IoT device detections and alerts in ServiceNow. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [ServiceNow store](https://store.servicenow.com/sn_appstore_store.do#!/store/application/6dca6137dbba13406f7deeb5ca961906/3.1.5?referer=%2Fstore%2Fsearch%3Flistingtype%3Dallintegrations%25253Bancillary_app%25253Bcertified_apps%25253Bcontent%25253Bindustry_solution%25253Boem%25253Butility%25253Btemplate%26q%3Ddefender%2520for%2520iot&sl=sh)<br><br>[Integrate ServiceNow with Microsoft Defender for IoT](tutorial-servicenow.md) | |
| 96 | + |
| 97 | +## Skybox |
| 98 | + |
| 99 | +|Name |Description |Support scope |Supported by |Learn more | |
| 100 | +|---------|---------|---------|---------|---------| |
| 101 | +|**Skybox** | Import vulnerability occurrence data discovered by Defender for IoT in your Skybox platform. | - OT networks<br>- Locally managed sensors and on-premises management consoles | Skybox | [Skybox documentation](https://docs.skyboxsecurity.com) <br><br> [Skybox integration page](https://www.skyboxsecurity.com/products/integrations) | |
| 102 | + |
| 103 | + |
| 104 | +## Splunk |
| 105 | + |
| 106 | +|Name |Description |Support scope |Supported by |Learn more | |
| 107 | +|---------|---------|---------|---------|---------| |
| 108 | +| **Splunk** | Send Defender for IoT alerts to Splunk | - OT networks <br>- Cloud connected sensors | Microsoft | [Stream Microsoft Defender for IoT alerts to a 3rd party SIEM](https://techcommunity.microsoft.com/t5/microsoft-defender-for-iot-blog/stream-microsoft-defender-for-iot-alerts-to-a-3rd-party-siem/ba-p/3581242) | |
| 109 | +|**Splunk** | Send Defender for IoT alerts to Splunk | - OT networks<br>- Locally managed sensors and on-premises management consoles | Microsoft | [Integrate Splunk with Microsoft Defender for IoT](tutorial-splunk.md) | |
| 110 | + |
32 | 111 |
|
33 | 112 | ## Next steps
|
34 | 113 |
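Review bot: In the IBM QRadar (lines 48-49) and Splunk (lines 108-109) tables, both rows use the identical Name, so a reader can only tell the cloud-connected method from the locally managed one by reading the Support scope column. Suggest giving the two rows distinct names or noting the delivery method in the Description. Related consistency points in the same hunk: those rows write "Cloud connected sensors" while the Microsoft Sentinel row on line 73 writes "Cloud-connected sensors"; the two QRadar rows use "Send" and "Forward" for the same action; and the descriptions on lines 48, 87, 108 and 109 lack the closing period that the other rows have. The three ServiceNow store links on lines 93-95 also carry a long `referer=...&sl=sh` query string that looks like it was copied from a store search session; linking to the application path alone would be cleaner and more stable.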
|
|