Leverage Your Existing Investments With Armis Integrations
Armis integrates easily with the tools you already have in your security ecosystem. Eliminate security siloes and blind spots. Leverage existing investments to achieve greater security, value and more automated response.
Alerts & Notifications
Atlassian Jira – Email Ticketing
Read MoreAtlassian Jira – Email Ticketing
Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.
Use Cases
The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.
Exabeam
Read MoreExabeam
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Google Chronicle
Read MoreGoogle Chronicle
Chronicle is a cybersecurity telemetry platform for threat hunting, and threat intelligence and is part of the Google Cloud Platform. Chronicle stores log events it receives in two formats: either as the original raw log or structured Unified Data Model (UDM) log. There are two critical elements to consider for parsing, Unified Data Model (UDM) which defines the schema for parsing, and Configuration Based Normalizers (CBN) which describes how to log data is transformed to the UDM schema.
Chronicle Integration for Armis:
The Chronicle integration for Armis enables the transfer and parsing of Armis Alerts, Activities, Devices, and Vulnerabilities in the Chronicle. These parsed events can be utilized for search, reporting, and visualization workflows.
The ingestion script ingests the following 4 types of event categories:
- Armis Alerts
- Armis Activities
- Armis Devices
- Armis Vulnerabilities
LogRhythm
Read MoreLogRhythm
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Microsoft Azure Sentinel
Read MoreMicrosoft Azure Sentinel
The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.
The integration is provided as an Azure Marketplace App available here.
QRadar
Read MoreQRadar
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
ServiceNow Armis Security Incident
Read MoreServiceNow Armis Security Incident
Import Armis Alerts as ServiceNow Security Incidents.
The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.
- Open tickets automatically for unmanaged, IoT, OT, medical device incidents
- Import Security Incidents in near real-time
- Triage, prioritize, and close Armis Alerts from ServiceNow
- Stop threats efficiently with policy-based enforcements Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and update incidents for greater accuracy and efficiency.
- Import Armis Alerts as ServiceNow Security Incidents.
- Guided Setup and Embedded Help articles provide intuitive user experience.
- Integration Dashboards help contextualize and prioritize Armis Alerts.
ServiceNow Incident Integration
Read MoreServiceNow Incident Integration
The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.
ServiceNow Ticketing
Read MoreServiceNow Ticketing
Armis sends alert information to the ServiceNow platform for incident workflow and remediation.
Learn more about our integration with ServiceNowServiceNow Vulnerability Response
Read MoreServiceNow Vulnerability Response
Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems. Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.
Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.
When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis discovered devices. Armis continuously and passively monitors in real time all network devices to ensure vulnerabilities are correctly matched giving you a complete up to date vulnerability profile for all devices on your network.
Use Cases
- ServiceNow Operational Technology (OT) Certified
- Compatible with ServiceNow OT VR
- Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
- Prioritize device vulnerabilities to aid remediation efforts
- Automatically close stale Vulnerabilities
- Cross customer data to provide increased threat intelligence
- Designed to be fully compatible with the Service Graph Connector for Armis
- Guided Setup helps you get up and running quickly
- Support your Operational Technology OT VR workflows alongside IT VR
Siemplify
Read MoreSiemplify
Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.
Splunk
Read MoreSplunk
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Sumo Logic
Read MoreSumo Logic
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Trellix Helix (FireEye)
Read MoreTrellix Helix (FireEye)
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Application Allowlisting
Airlock Digital
Read MoreAirlock Digital
The Airlock Digital platform is a cybersecurity solution that focuses on application whitelisting and control. It helps organizations prevent unauthorized applications from running on their systems, improving their security posture. The platform provides a centralized management console for creating and managing application whitelists, as well as monitoring and reporting on application usage.
Asset & System Management
Absolute
Read MoreAbsolute
Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.
Airgap
Read MoreAirgap
Airgap provides asset discovery for every device on your network, ML-driven network threat and performance monitoring at scale. And unlike “”observer” solutions, Airgap can take instant action to remedy risks.
This integration fetches useful information from the Airgap assets. The integration uses the Airgap rest API to fetch the information from the Airgap assets.
Use Cases
Device data enrichment:
- Full visibility of all Airgap assets
- Correlation of Airgap assets with other data sources (such as Active Directory, WLCs)
Compliance:
- The Creation Time and the Last Seen Time of the Airgap assets
Alaris Medical
Read MoreAlaris Medical
The Alaris Integration provides full visibility into the Alaris system for inventory, security and utilization
Use Cases
- Ingest the Alaris Server configuration
- Provide full device identification – S/N, model, FW
- Show utilization & operational activity
BACnet
Read MoreBACnet
BACnet is a communication protocol for building automation and control (BAC) networks.
Use Cases
- Security and operational
The BACnet integration is automatically enabled for Armis customers
BigFix
Read MoreBigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
BMC Helix Configuration Management Database (CMDB)
Read MoreBMC Helix Configuration Management Database (CMDB)
The BMC Helix Configuration Management Database (CMDB) enriches ecosystem workflow with a business aware, single source of reference for your assets and services.
Use Cases
- Retrieve detailed information about BMC CMDB-inventory CIs
- Enrichment of existing Armis devices with data exposed by BMC CMDB
Chef
Read MoreChef
The integration between Armis and Chef helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Case
Retrieve detailed information on Chef managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with Chef security policies by discovering the following:
- Missing or malfunctioning Chef agents
- Chef agents running out-of-date software versions
- Devices that are not running a Chef agent
- Identify the last logged-in device user
Cisco Cyber Vision
Read MoreCisco Cyber Vision
Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments
Cisco Secure Workload
Read MoreCisco Secure Workload
Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.
This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.
Cisco UCS
Read MoreCisco UCS
The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.
This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.
Cisco Umbrella
Read MoreCisco Umbrella
Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.
The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.
Cisco Vulnerability Management (Formerly Kenna)
Read MoreCisco Vulnerability Management (Formerly Kenna)
Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.
Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.
Users can apply Armis Standard Query ASQ filters when fetching device information.
The integration requires an Armis Asset Vulnerability Management (AVM) license.
ConnectWise Automate
Read MoreConnectWise Automate
ConnectWise Automate is a comprehensive remote monitoring and management (RMM) software designed to streamline IT service delivery and enhance the efficiency of IT operations. Its robust features include remote control, patch management, asset management, automated ticketing, and extensive reporting capabilities. These features help MSPs manage complex networks and deliver reliable IT support to their clients. This provides a fully integrated identity lifecycle with device management, patch management, and system insights across Apple, Windows, and Linux operating systems.
The integration between Armis and ConnectWise Automate further enhances customer capabilities by leveraging asset management data as a data source.
Cradlepoint NetCloud
Read MoreCradlepoint NetCloud
Cradlepoint’s NetCloud Manager is a network service management software platform that uses wireless cellular routers to allow its users to harness the power of LTE and 5G cellular networks to grant access to their network and ensure the security of the network and its users.
CSV
Read MoreCSV
Upload CSV data to manually import new assets or add asset attributes for contextual analysis.
Device42
Read MoreDevice42
Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Device42.
Dynatrace
Read MoreDynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
Compliance
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
Elastic Defend
Read MoreElastic Defend
Elastic Defend provides organizations with prevention, detection, and response capabilities with deep visibility for EPP, EDR, SIEM, and Security Analytics use cases across Windows, macOS, and Linux operating systems running on both traditional endpoints and public cloud environments.
Use Cases
Device data enrichment:
- Full visibility of all Elastic Defend endpoints.
- Correlation of Elastic Defend devices with other data sources (such as Active Directory, WLCs).
Compliance:
- The criticality and Active status of Elastic Defend managed devices.
- View the last time the device was seen.
Eseye
Read MoreEseye
Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.
Use Cases
- Discover and display insights of any Eseye connected IoT device
Flexera One
Read MoreFlexera One
Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.
Flexera Spider
Read MoreFlexera Spider
Flexera Spider provides IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
Armis utilizes this integration to enrich the device inventory with information received from Flexera Spider.
Forcepoint DLP
Read MoreForcepoint DLP
Forcepoint Data Loss Prevention (DLP) is a security solution designed to protect sensitive data from unauthorized access and breaches. It identifies, classifies, and monitors data across various environments, enforcing policies to ensure compliance and data integrity.
By analyzing user behavior and providing real-time protection, Forcepoint DLP helps prevent data loss incidents. It is essential for organizations to safeguard critical information and maintain regulatory compliance.
This integration collects information from endpoints, using the Forcepoint DLP database to retrieve the information.
Use Cases
Device data enrichment:
- Full visibility of all Forcepoint DLP endpoints.
- Correlation of Forcepoint DLP endpoints with other data sources (such as Active Directory and WLCs).
Compliance:
- The criticality status of Forcepoint DLP managed devices.
- The Active status of Forcepoint DLP managed devices.
- View the last seen timestamp of the device.
Google Endpoint Manager – ChromeOS
Read MoreGoogle Endpoint Manager – ChromeOS
Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.
The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
IEEE – Organizationally Unique Identifier (OUI)
Read MoreIEEE – Organizationally Unique Identifier (OUI)
(Organizational Unique Identifier) The part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE.
Use Cases
- Assists in identifying assets by manfactuturer, type and category
The OUI integration is automatically enabled for Armis customers
Ivanti Endpoint Management (Landesk)
Read MoreIvanti Endpoint Management (Landesk)
Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.
Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.
Use Cases
- Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
- View the last inventory scan time of devices.
- View the last login time of devices.
Ivanti Neurons for MDM
Read MoreIvanti Neurons for MDM
Ivanti Neurons for MDM offers a robust mobile device management (MDM) solution designed to assist organizations in administering and safeguarding various mobile devices, such as smartphones, tablets, and computers. This unified management platform is compatible with a range of operating systems, including iOS, Android, macOS, ChromeOS, and Windows, allowing for seamless device management across diverse ecosystems.
Use Cases
Device data enrichment:
- Full visibility of all Ivanti Neurons for MDM devices.
- Correlation of Ivanti Neurons for MDM devices with other data sources (such as Active Directory and WLCs).
- Data related to network interfaces associated with the devices.
- Additional data related to applications associated with the devices.
User data enrichment:
- Full visibility of all Ivanti Neurons for MDM users.
Compliance:
- View the last check-in time of the Ivanti Neurons for MDM devices.
Jamf
Read MoreJamf
Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.
Use Cases
Provide detailed profile information on all Jamf managed devices, including:
- Last Check-in date
- Device name
- Network information
- Warranty status, etc.
- The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)
Verify device compliance with JAMF policies by detecting:
- Missing or malfunctioning Jamf agents
- Jamf agents running out-of-date software versionsevices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed
- Identify the last logged-in device user
Jumpcloud
Read MoreJumpcloud
JumpCloud provides secure, frictionless device and identity management. This gives a fully integrated identity lifecycle with multi-factor authentication, mobile device management, patch management, and system insights across Apple, Windows, and Linux operating systems. The integration between Armis and JumpCloud helps with asset management for identification, analysis, and risk assessment purposes.
Kaseya VSA
Read MoreKaseya VSA
Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.
Use Cases
- Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
- Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
- Identify the last logged-in device user.
Lansweeper
Read MoreLansweeper
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes.
LMNTRIX
Read MoreLMNTRIX
Lmntrix provides continuous monitoring and on-demand analysis of your network, helping you to prevent cyber attacks. The integration between Armis and Lmntrix further enhances customer capabilities by leveraging asset management data as a data source.
- Device data enrichment.
- Full visibility of all Lmntrix managed device profile information, such as the Last check-in date, device name, network information, and status.
- Full visibility of the entire Lmntrix asset inventory.
ManageEngine – Endpoint Central
Read MoreManageEngine – Endpoint Central
ManageEngine Endpoint Central is a Unified Endpoint Management (UEM) and security software that comprehensively addresses the requirements of IT administrators. It helps IT administrators to perform patch management, software deployment, OS deployment and take remote control to troubleshoot devices. And with the help of endpoint security features, which includes vulnerability assessment, application control, device control, BitLocker management and browser security, IT administrators can safeguard their network endpoints. Furthermore, Endpoint Central integrates seamlessly with ManageEngine and other third-party solutions.
Use Cases
Device data enrichment:
- Full visibility of all ManageEngine Endpoint Central managed devices
- Correlation of ManageEngine Endpoint Central managed devices with other data sources (such as Active Directory, WLCs).
Compliance:
- The state of ManageEngine Endpoint Central managed devices
- The scan status of the ManageEngine Endpoint Central managed devices
- The agent status of the ManageEngine Endpoint Central managed devices
- View the last time the device was seen
Microsoft Active Directory
Read MoreMicrosoft Active Directory
Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.
Use Cases
Retrieve detailed information on all Active Directory users and machines
- The retrieved information is correlated with other data sources.
- Identify user access by device and timeline
- Fetch the details about user access per machine
- Obtain the status of each account
- Add third-party integrations to identify the last logged in user by device
Verify compliance with Active Directory security policies by detecting the following:
- Computers with the AD Account disabled
- Computer accounts with the AD Password set to Not Required or Never Expire
- Computers that are not configured to require any pre-authentication
Microsoft Endpoint Manager (Intune)
Read MoreMicrosoft Endpoint Manager (Intune)
Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Microsoft Entra (formerly Azure AD)
Read MoreMicrosoft Entra (formerly Azure AD)
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.
Use Cases
- Enrichment of existing Armis devices with data exposed by Azure AD.
Compliance
- Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
- Associate users to devices.
- Ability to view the last logged-in device user.
Microsoft Hyper-V
Read MoreMicrosoft Hyper-V
Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.
This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.
Use Cases
Device data enrichment:
- Full visibility of all Microsoft Hyper-V managed VMs and Hosts
- Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)
Compliance:
- The creation time of Microsoft Hyper-V VMs
Microsoft System Center Configuration Manager (SCCM) & Bitlocker
Read MoreMicrosoft System Center Configuration Manager (SCCM) & Bitlocker
Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.
Use Cases
- Gain full application visibility on managed SCCM devices, including offline applications.
- Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
- Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.
Mosyle MDM
Read MoreMosyle MDM
Mosyle is a leading solution designed to empower educational institutions and businesses with seamless device management, security, and productivity features. Developed primarily for Apple devices, including iPhones, TVs, and Mac computers, Mosyle provides a comprehensive platform to efficiently manage large fleets of devices while optimizing the end-user experience.
This integration collects information for different types of devices such as iOS, Mac, and tvOS from Mosyle. It uses the Mosyle Devices API endpoint to get the information.
Use Cases
Device data enrichment:
- Full visibility of different types of Mosyle devices.
- Additional data related to network interfaces associated with the devices.
- Correlation of Mosyle devices with other data sources (such as Active Directory, WLCs).
- View the last time the device was seen.
Nautobot
Read MoreNautobot
The integration between Armis and Nautobot helps customers with asset management as a data source for identification, network analysis, and risk-assessment purposes.
Netbox
Read MoreNetbox
The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Cases
- Provide detailed information on all NetBox related devices and correlate it with other data sources.
NetBrain
Read MoreNetBrain
NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.
NinjaOne
Read MoreNinjaOne
NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.
Use Cases
- Device data enrichment:
- Full visibility of all NinjaOne-managed devices
- Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)
Nutanix Prism
Read MoreNutanix Prism
Nutanix Prism is the control plane that simplifies and streamlines common workflows to make hypervisor and VM setup as easy as checking your email. This integration will fetch from the Prism API all information on the running VMs and Hosts in the environment.
Use Cases
- Provide detailed information on all Nutanix Prism-related devices and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
Nuvolo
Read MoreNuvolo
Notice: Undefined index: label in /nas/content/live/armisinc/wp-content/themes/armis/options/shortcodes.php on line 39
Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory , as well as asset management ones.
Use Cases
Enrich existing Armis devices with data exposed by Nuvolo:
- Asset Tag
- Asset State
- Operation Status
- Owning Department
- Install Date
- Is Critical
- End of Support
- End of Life
Verify compliance with Nuvolo policies by detecting:
- Missing or malfunctioning Nuvolo agents
- Nuvolo agents running out-of-date software versions
- Devices that are not running a Nuvolo agent, such as:
- Active Directory Computers or Corporate devices without a Nuvolo agent installed. Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.
- Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
- Identify the last logged-in device user.
Phosphorus
Read MorePhosphorus
Phosphorus is an asset inventory and patch-management tool in OT.
The Phosphorus integration enables Armis users to view, consume, and leverage basic asset profile data from Phosphorus.
Puppet
Read MorePuppet
Puppet is an open source software configuration management and deployment tool.
Use Cases
- Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications
Quest KACE
Read MoreQuest KACE
Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.
Use Cases
- Device data enrichment:
- Full visibility of all Quest KACE managed devices
- Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)
Radia Endpoint Manager
Read MoreRadia Endpoint Manager
Radia is Endpoint Manager software that provides a unified way for organizations to manage constellation of endpoints, including PCs, servers, smartphones, thin clients, and VDIs to industry-specific devices such as ATMs, POS devices, and medical devices, from a single-pane-of-glass console.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Red Hat Satellite
Read MoreRed Hat Satellite
Red Hat Satellite is a powerful tool for IT admin for a business or school, to manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Red Hat Satellite
Rockwell AssetCentre
Read MoreRockwell AssetCentre
Rockwell AssetCentre software is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information.
AssetCentre allows the organization to manage all existing Rockwell assets across the environment.
Armis integrates with AssetCentre to enrich existing devices with the info pulled from the AssetCentre server. Among the existing types of info that are available through the integration are:
- Identification of the Asset
- Enrichment of the Asset with basic profile fields such as network identifiers, model, and hostname
Rockwell ThinManager
Read MoreRockwell ThinManager
Rockwell ThinManager is a centralized platform allowing the organization to easily manage all existing ThinClients across the environment.
Armis integrates with ThinManager by using its API and enriches existing devices by the info pulled from the ThinManager server. Among the existing types of info that are available through the integration are:
- Identifying an Asset as a ThinClient and pulling basic profile info such as network identifiers, model, and hostname.
SaltStack
Read MoreSaltStack
SaltStack, also known as Salt, is a configuration management and orchestration tool.
Use Cases
- Provide detailed information on all SaltStack related devices and correlate it with other data sources
- Retrieve the details about the operating system running on a device
Saviynt Enterprise Identity Cloud
Read MoreSaviynt Enterprise Identity Cloud
Saviynt Enterprise Identity Cloud is a cloud identity and access governance platform.
Armis utilizes this integration to enrich the device inventory with device and application information.
Schneider Electric Ecostuxure
Read MoreSchneider Electric Ecostuxure
Connect to an EcoStruxure Building Operation Enterprise Server
ServiceNow (Pull)
Read MoreServiceNow (Pull)
ServiceNow is a cloud-based software platform for IT Service Management (ITSM) that helps automate IT Business Management. It is designed based on ITIL guidelines to provide service orientation for tasks, activities, and processes.
Armis utilizes this integration to enrich the device inventory with device and user information.
Use Cases
- Retrieve detailed information on assets that are inventoried in ServiceNow
- Enrichment of existing Armis devices with data exposed by ServiceNow
- Identify assets discovered by Armis but not known to ServiceNow
ServiceNow CMDB
Read MoreServiceNow CMDB
Armis sends device information to the ServiceNow CMDB.
Learn more about our integration with ServiceNowSnow Software
Read MoreSnow Software
Snow Software Asset Management (Atlas) is a software inventory management tool that utilizes API Integrations and the Snow Agent to collect up-to-date software inventory.
Armis utilizes this integration to enrich the device inventory with device and application information.
Use Cases
- Retrieve detailed information on devices that are managed by Snow
- Enrichment of existing Armis devices with data exposed by Snow
SolarWinds Orion
Read MoreSolarWinds Orion
SolarWinds Orion is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.
Use Cases
Device data enrichment:
- Full visibility of all the devices from SolarWinds Orion for the following:
- Devices Managed as a Node
- Cloud Instances for AWS and Azure Cloud Providers
- Additional data related to the Server and Applications as well as Network Interfaces with Server
- Application (SAM)/Server Configuration Monitor (SCM) modules of SolarWinds Orion
- Correlation of SolarWinds Orion managed devices with other data sources (such as Active Directory, WLCs)
Compliance:
- The status of SolarWinds Orion managed devices
- The states of the Cloud managed devices
- View the last sync time of the devices
SolarWinds Web Helpdesk
Read MoreSolarWinds Web Helpdesk
SolarWinds Web Helpdesk helps you to automate the process of asset discovery, tracking, and reporting of your hardware and software assets. Assign an asset to a specific user and get a granular view of a computer’s hardware and software.
SOTI MobiControl
Read MoreSOTI MobiControl
SOTI MobiControl is a Enterprise Mobility Management (EMM) solution that provides visibility and control over where your business-critical mobile devices are, what they’re doing, how they’re performing, and what security or compliance risks they’re facing.
Deploy apps to smartphones. Enroll and provision new tablets in the field. Track the location of rugged devices. Identify and neutralize security risks to the Internet of Things (IoT) endpoints. Protect critical data stored on mobile devices. Minimize device downtime so field workers stay productive.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Symantec Asset Management Suite (Altiris)
Read MoreSymantec Asset Management Suite (Altiris)
Symantec Asset Management Suite (formerly named Altiris) improves visibility into IT assets at every point in the lifecycle to reduce costs and fulfil compliance initiatives.
This integration collects information related to assets from the Symantec Asset Management instance. It uses the Database to get the information from the different tables available in the database.
Use Cases
Device data enrichment:
- Full visibility of all the devices from Symantec Asset Management
- Additional data related to network interfaces and the applications associated with the devices
- Correlation of Symantec Asset Management devices with other data sources (such as Active Directory, WLCs)
- View the last agent communication time of the devices
Tanium Asset
Read MoreTanium Asset
Tanium Asset provides a comprehensive inventory of hardware and software assets across your environment. This integration provides detailed profile information on all Tanium Asset devices.
Use Cases
- Enrichment of existing Armis devices with data exposed by Tanium Asset.
- Device identification and inventory of installed applications.
- User-to-Device association.
Tanium Discover
Read MoreTanium Discover
Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.
Use Cases
- Enrichment of existing Armis devices with data exposed by Tanium Discover.
Compliance
- Detection of unmanaged devices that are capable of being managed by Tanium. Detection of unmanageable devices.
Tanium Interact
Read MoreTanium Interact
The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
Use Cases
- Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
- Compliance:
- Detection of missing or malfunctioning Tanium Interact agents
- Detection of Tanium Interact agents running out-of-date software versions
- Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
- Ability to view the last logged-in device user
Vectra
Read MoreVectra
The Vectra Platform provides AI-driven threat detection and response for hybrid and multi-cloud environments. Vectra leverages patented Security AI to pinpoint attacker methods, prioritize threats, and automate response controls. Using the Vectra Platform, you gain unified attack visibility, context across public clouds, SaaS, identities, networks, and endpoints, as well as controls to respond effectively immediately.
Use Cases
- Analyze security gaps – ensure Vectra covers all assets and understand the health of the Vectra platform
- Enrichment of existing Armis devices with data exposed by Vectra
Viakoo
Read MoreViakoo
Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.
Use Cases
- Retrieve detailed information on all Viakoo related devices
- The information includes Service Date, Compliance Status, Priority, Availability, and more
- The information is correlated with other data sources
- Use data exposed by Viakoo to create new devices in the Armis Platform
VMware vCenter / ESXi
Read MoreVMware vCenter / ESXi
- Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
VMware Workspace ONE
Read MoreVMware Workspace ONE
VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Asset Inventory
Absolute
Read MoreAbsolute
Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.
Amazon Web Services (AWS)
Read MoreAmazon Web Services (AWS)
Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Use Cases
Device data enrichment:
- Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.
Compliance:
- Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).
Aruba Instant
Read MoreAruba Instant
Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba WLC
Read MoreAruba WLC
Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Use Cases
Device Enrichment – view, search and visualize:
- Access points & switches managed by Aruba WLC
- Wireless Clients
- Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
- Visibility: View current and historic wireless connections between devices and access points
- Define policies on abnormal connections
- Detect rogue access points
AWS Security Hub
Read MoreAWS Security Hub
AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.
VIPR Pro ingests Security Hub findings and associates them with deduplicated cloud asset and resource profiles to automate prioritization based on security risk and business impact and operationalize the process of remediating critical findings.
BigFix
Read MoreBigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
BlueCat DHCP
Read MoreBlueCat DHCP
BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
- Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.
Check Point Harmony (Sandblast)
Read MoreCheck Point Harmony (Sandblast)
Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Use Cases
- Device data enrichment
- Full visibility of all Check Point Harmony Endpoint managed devices
- Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)
Compliance
- The compliance status of Check Point Harmony Endpoint managed devices
- Isolation status of Check Point Harmony Endpoint managed devices
- View the groups in which the devices are located
- View the last time the device was accessed
Cisco ASA
Read MoreCisco ASA
The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.
Use Cases
- Retrieve information on all Cisco ASA devices and correlate it with other data sources.
- Collect information of the operating system running on the device.
Cisco Catalyst WLC
Read MoreCisco Catalyst WLC
A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.
Use Cases
- Retrieve information on all Cisco WLC devices and correlate it with other data sources.
Cisco Meraki
Read MoreCisco Meraki
Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.
Learn more about our integration with Cisco MerakiDevice42
Read MoreDevice42
Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Device42.
Dynatrace
Read MoreDynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
Compliance
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
EfficientIP SOLIDserver DDI
Read MoreEfficientIP SOLIDserver DDI
EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.
Eseye
Read MoreEseye
Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.
Use Cases
- Discover and display insights of any Eseye connected IoT device
Extreme WLC
Read MoreExtreme WLC
Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.
Flexera One
Read MoreFlexera One
Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.
FortiGate
Read MoreFortiGate
Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies
Use Cases
- Retrieve detailed information on all Fortinet Fortigate related devices in the Armis Platform and correlate them with other data sources
- Identify logged-in users
Google Endpoint Manager – ChromeOS
Read MoreGoogle Endpoint Manager – ChromeOS
Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.
The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Hewlett Packard (HP) WLC
Read MoreHewlett Packard (HP) WLC
The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.
Use Cases
- Provide detailed information on HP WLC equipment, including its identification and profile
- Collect information on HP WLC-managed Access Points (APs)
- Fetch detailed information on Clients (endpoints) that connect to Access Points.
- Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
- Map which endpoints are connected to which APs in the network
Illumio
Read MoreIllumio
Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security mode to segment network traffic and prevents lateral movement of cyber threats within an organization’s network.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Illumio.
Ivanti Endpoint Management (Landesk)
Read MoreIvanti Endpoint Management (Landesk)
Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.
Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.
Use Cases
- Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
- View the last inventory scan time of devices.
- View the last login time of devices.
Jamf
Read MoreJamf
Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.
Use Cases
Provide detailed profile information on all Jamf managed devices, including:
- Last Check-in date
- Device name
- Network information
- Warranty status, etc.
- The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)
Verify device compliance with JAMF policies by detecting:
- Missing or malfunctioning Jamf agents
- Jamf agents running out-of-date software versionsevices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed
- Identify the last logged-in device user
Kaseya VSA
Read MoreKaseya VSA
Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.
Use Cases
- Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
- Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
- Identify the last logged-in device user.
Malwarebytes
Read MoreMalwarebytes
Malwarebytes cloud-delivered endpoint detection and response (EDR), workload protection, by detection and protection against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.
Use Case
- Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.
Microsoft Active Directory
Read MoreMicrosoft Active Directory
Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.
Use Cases
Retrieve detailed information on all Active Directory users and machines
- The retrieved information is correlated with other data sources.
- Identify user access by device and timeline
- Fetch the details about user access per machine
- Obtain the status of each account
- Add third-party integrations to identify the last logged in user by device
Verify compliance with Active Directory security policies by detecting the following:
- Computers with the AD Account disabled
- Computer accounts with the AD Password set to Not Required or Never Expire
- Computers that are not configured to require any pre-authentication
Microsoft Azure
Read MoreMicrosoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
Use Cases
- Provide detailed information on Microsoft Azure VMs.
- Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).
Microsoft DHCP
Read MoreMicrosoft DHCP
Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
- Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.
Microsoft Endpoint Manager (Intune)
Read MoreMicrosoft Endpoint Manager (Intune)
Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Microsoft Entra (formerly Azure AD)
Read MoreMicrosoft Entra (formerly Azure AD)
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.
Use Cases
- Enrichment of existing Armis devices with data exposed by Azure AD.
Compliance
- Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
- Associate users to devices.
- Ability to view the last logged-in device user.
Netbox
Read MoreNetbox
The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Cases
- Provide detailed information on all NetBox related devices and correlate it with other data sources.
NetBrain
Read MoreNetBrain
NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.
Network Mapper
Read MoreNetwork Mapper
Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.
Use Cases
- Identify network equipment
- Retrieve ARP tables
NinjaOne
Read MoreNinjaOne
NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.
Use Cases
- Device data enrichment:
- Full visibility of all NinjaOne-managed devices
- Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)
Okta
Read MoreOkta
Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.
Use Cases
- Provide detailed device information and correlate it with other data sources
- Retrieve and collect user data
- Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory
Oracle
Read MoreOracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Puppet
Read MorePuppet
Puppet is an open source software configuration management and deployment tool.
Use Cases
- Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications
Quest KACE
Read MoreQuest KACE
Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.
Use Cases
- Device data enrichment:
- Full visibility of all Quest KACE managed devices
- Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)
Red Hat Satellite
Read MoreRed Hat Satellite
Red Hat Satellite is a powerful tool for IT admin for a business or school, to manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Red Hat Satellite
Rockwell Engineering Workstation (EWS)
Read MoreRockwell Engineering Workstation (EWS)
Rockwell Automation is a provider of industrial automation and information technology.
Use Cases
- Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
- Provide enhanced information on slots and nested devices
SaltStack
Read MoreSaltStack
SaltStack, also known as Salt, is a configuration management and orchestration tool.
Use Cases
- Provide detailed information on all SaltStack related devices and correlate it with other data sources
- Retrieve the details about the operating system running on a device
ServiceNow CMDB
Read MoreServiceNow CMDB
Armis sends device information to the ServiceNow CMDB.
Learn more about our integration with ServiceNowSiemens Engineering Workstation (EWS)
Read MoreSiemens Engineering Workstation (EWS)
Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.
The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS managers. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data a complete picture of the Operational Technology (OT) and Industrial Control Systems (ICS) environment is now possible.
Use Cases
- Fast enrichment of Siemens devices using Siemens Software Engineering files
- Full inventory information enrichment of existing devices-profile, modules information, etc.
- Creation of nested devices not visible to Armis through traffic inspection
Switch/SPAN
Read MoreSwitch/SPAN
Use Cases
- Inspect traffic
- Monitor activities
- Track connections
- Provide relevant data for accurate device identification
- Assist in user association
Viakoo
Read MoreViakoo
Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.
Use Cases
- Retrieve detailed information on all Viakoo related devices
- The information includes Service Date, Compliance Status, Priority, Availability, and more
- The information is correlated with other data sources
- Use data exposed by Viakoo to create new devices in the Armis Platform
VMware vCenter / ESXi
Read MoreVMware vCenter / ESXi
- Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
VMware Workspace ONE
Read MoreVMware Workspace ONE
VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Wiz
Read MoreWiz
Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Retrieve detailed information on cloud resources that are seen by Wiz
- Enrichment of existing Armis devices with data exposed by Wiz
Zscaler
Read MoreZscaler
Armis and Zscaler integrate to retrieve detailed information about Zscaler-managed devices, users, and network traffic, and correlate it with other sources.
Automation
Torq
Read MoreTorq
The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.
Use Case
Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.
These complementary abilities enable the following—and more:
- Automatic enforcement of endpoint-agent coverage
- Faster threat mitigation and threat remediation
- Reducing risks through orchestrated vulnerability response and vulnerability remediation
Cloud Services
Amazon Web Services (AWS)
Read MoreAmazon Web Services (AWS)
Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Use Cases
Device data enrichment:
- Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.
Compliance:
- Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).
AWS Security Hub
Read MoreAWS Security Hub
AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.
VIPR Pro ingests Security Hub findings and associates them with deduplicated cloud asset and resource profiles to automate prioritization based on security risk and business impact and operationalize the process of remediating critical findings.
Google Cloud Platform (GCP)
Read MoreGoogle Cloud Platform (GCP)
GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.
Use Cases
- Retrieve information on GCP related devices, including their identification and operating system details.
Lacework
Read MoreLacework
Lacework provides data-driven cloud security at scale.
VIPR Pro ingests, normalizes and deduplicates Lacework workload, cloud service, cloud infrastructure, container and image vulnerability, run-time and misconfigurations alerts to automate prioritization of findings based on security risk and enriched asset profiles, and operationalize the remediation lifecycle with automated ownership assignment.
Microsoft Azure
Read MoreMicrosoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
Use Cases
- Provide detailed information on Microsoft Azure VMs.
- Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).
Netskope
Read MoreNetskope
Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.
Use Cases
- Enrichment of existing Armis devices with data exposed by Netskope.
Oracle
Read MoreOracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Orca
Read MoreOrca
Orca Security secures enterprise multi-cloud environments at scale.
VIPR Pro ingests Orca findings, enriches prioritization based on asset profile, business risk weighting and root cause analysis, and operationalizes the cloud security remediation lifecycle – from Wiz findings to ownership assignment, remediation status and trend reporting.
Palo Alto Prisma Access
Read MorePalo Alto Prisma Access
Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.
Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.
Prisma Access has to be configured to send HIP reports to Panorama for this to work
Wiz
Read MoreWiz
Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Retrieve detailed information on cloud resources that are seen by Wiz
- Enrichment of existing Armis devices with data exposed by Wiz
Collaboration
Freshservice
Read MoreFreshservice
Freshservice is the intelligent service management solution.
VIPR Pro supports bidrectional integration with Freshservice for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
Linear
Read MoreLinear
Linear is an issue tracking and project management tool for companies to build their products better.
VIPR Pro supports bidrectional integration with ManageEngine ServiceDesk for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
ManageEngine ServiceDesk
Read MoreManageEngine ServiceDesk
ServiceDesk Plus is a service management solution that combines IT service management, IT asset management, and CMDB with enterprise service management capabilities.
VIPR Pro supports bidrectional integration with ManageEngine ServiceDesk for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
Slack
Read MoreSlack
Slack is a cloud-based team communication platform.
VIPR Pro supports bidirectional integration with Slack to: faciliate communication between security teams and remediation stakeholders; operationalize remediation actions and workflows.
Zendesk
Read MoreZendesk
Zendesk provides software-as-a-service products related to customer support, sales, and other customer communications.
VIPR Pro supports bidrectional integration with Zendesk: automating ticket generation with remediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
Developer Security
Checkmarx
Read MoreCheckmarx
Checkmarx streamlines organizations’ DevSecOps, enabling organizations to identify and remediate vulnerabilities.
VIPR Pro ingests, normalizes, deduplicates and contextualizes Checkmarx application security and code package vulnerability alerts to: prioritize findings based on security risk, exploitability and business impact; operationalize remediation workflows for application security and developer teams.
CircleCI
Read MoreCircleCI
CircleCI is a continuous integration and continuous delivery platform that can be used to implement DevOps practices.
VIPR Pro integrates with CircleCI to: inventory code repository assets; monitor and track CI/CD activity to understand ownership and responsibility for code assets; augment organizational structure mapping with asset ownership information.
CyCode
Read MoreCyCode
Cycode delivers a complete Application Security Posture Management (ASPM) platform.
VIPR Pro integrates with Cycode to ingest, normalize,deduplicate and correlate Application Security Posture Management findings for prioritization and remediation.
GitHub
Read MoreGitHub
GitHub is a developer platform that allows developers to create, store, manage and share their code.
VIPR Pro integrates with GitHub to: inventory code repository assets; discover GitHub users for organizational structure mappings and automate code ownership assignment; identify and incorporate code snippets as part of the remediation workflows.
GitHub Enterprise
Read MoreGitHub Enterprise
GitHub Enterprise Server is a self-hosted platform for software development within organizations.
VIPR Pro integrates with GitHub Enterprise to: inventory code repository assets; discover GitHub users for organizational structure mappings and automate code ownership assignment; maintain assoictaion between vulnerability findings and images; identify and incorporate code snippets as part of the remediation workflows; ingest and normalize Dependabot findings.
GitLab
Read MoreGitLab
GitLab helps companies manage the growing complexities of developing, securing, and deploying software.
VIPR Pro integrates with GitLab to: inventory code repository assets; discover gGtLab users for organizational structure mappings and automate code ownership assignment; maintain assoictaion between vulnerability findings and images; identify and incorporate code snippets as part of the remediation workflows.
Microsoft Azure DevOps
Read MoreMicrosoft Azure DevOps
Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.
VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.
Semgrep
Read MoreSemgrep
Semgrep guides developers towards secure by default practices.
VIPR Pro ingests, normalizes and deduplicates code vulnerability and application security issues alerts generated by Semgrep to: prioritize findings based on contextualized risk and asset profiles, assign ownership for remediation fixes, and associate code snippets through automated ticketing task generation and tracking.
Snyk
Read MoreSnyk
Snyk is a developer security platform.
VIPR Pro ingests, normalizes and deduplicates code package and container vulnerability alerts generated by Snyk to prioritize findings based on contextualized risk and asset profiles, assign ownership for remediation fixes, and associate code snippets through automated ticketing task generation and tracking.
SonarSource SonarQube
Read MoreSonarSource SonarQube
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells.
VIPR Pro utilizes this integration to ingest alerts for Infrastructure as Code misconfigurations and code security issues, as well as asset-related data for inventorying code repositories. Use cases for the integration include:
- Normalize and deduplicate SonarQube alerts from to generate IaC misconfigurations findings
- Enrich code repository profiles with asset data provided by SonarQube
- Contextualize and prioritize IaC misconfiguration findings with asset priority scores based on SonarQube data
- Associate code snippets from SonarQube IaC alerts with findings to provide remediation owners with actionable and specific fix guidance.
Veracode
Read MoreVeracode
Veracode helps developers build and scale secure software from code to cloud with speed and trust.
VIPR Pro ingests, normalizes, deduplicates and contextualizes Veracode application security and code package vulnerability alerts to: prioritize findings based on security risk, exploitability and business impact; operationalize remediation workflows for application security and developer teams.
DHCP/DNS
BlueCat DHCP
Read MoreBlueCat DHCP
BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
- Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.
EfficientIP SOLIDserver DDI
Read MoreEfficientIP SOLIDserver DDI
EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.
Infoblox DDI Syslog
Read MoreInfoblox DDI Syslog
Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.
Use Cases
- Provide information on all Infoblox DDI related devices and correlate it with other data sources.
- Verify device compliance with Infoblox DDI policies:
- Detect devices missing vulnerability scans and patches
- Detect unmanaged devices
- Use correlation with other data sources to detect vulnerable software
- Verify user privileges
Microsoft DHCP
Read MoreMicrosoft DHCP
Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
- Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.
Endpoint Protection
BlackBerry Cybersecurity CylancePROTECT
Read MoreBlackBerry Cybersecurity CylancePROTECT
BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.
Use Cases
Retrieve detailed information on CylancePROTECT managed devices.
- The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.
Verify compliance with CylancePROTECT security policies by discovering the following:
- Missing or malfunctioning CylancePROTECT agents
- CylancePROTECT agents running out-of-date software versions
- Devices that are not running a CylancePROTECT agent
- Identify the last logged-in device user
Check Point Harmony (Sandblast)
Read MoreCheck Point Harmony (Sandblast)
Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Use Cases
- Device data enrichment
- Full visibility of all Check Point Harmony Endpoint managed devices
- Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)
Compliance
- The compliance status of Check Point Harmony Endpoint managed devices
- Isolation status of Check Point Harmony Endpoint managed devices
- View the groups in which the devices are located
- View the last time the device was accessed
Cisco Secure Endpoint
Read MoreCisco Secure Endpoint
Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.
CrowdStrike
Read MoreCrowdStrike
CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.
Use Cases
Retrieve detailed information on CrowdStrike managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with CrowdStrike security policies by discovering the following:
- Missing or malfunctioning CrowdStrike agents
- CrowdStrike agents running out-of-date software versions
- Devices that are not running a CrowdStrike agent
- Identify the last logged-in device user
Cybereason
Read MoreCybereason
Cybereason EDR provides comprehensive threat protection by continuously monitoring and analyzing activities to detect and neutralize ransomware, malware, fileless attacks, and in-memory threats.
Use Cases
Sensors data enrichment:
- Full visibility of all Cybereason EDR sensors.
- Correlation of Cybereason EDR sensors with other data sources (such as Active Directory, WLCs).
- Additional data related to network interfaces associated with the sensors.
Compliance:
- The First Seen and the Last Seen times of the Cybereason EDR sensors.
Malwarebytes
Read MoreMalwarebytes
Malwarebytes cloud-delivered endpoint detection and response (EDR), workload protection, by detection and protection against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.
Use Case
- Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.
McAfee ePO
Read MoreMcAfee ePO
McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.
Use Cases
- Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Microsoft Defender for Endpoint
Read MoreMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Cortex XDR
Read MorePalo Alto Cortex XDR
Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.
The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Prisma Cloud
Read MorePalo Alto Prisma Cloud
Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP
SentinelOne
Read MoreSentinelOne
The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.
Use Case
- Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
- Verify device compliance with Sentinel One policies by detecting:
- Missing or malfunctioning Sentinel One agents
- Sentinel One agents running out-of-date software versions
- Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
- Identify the last logged-in device user
Sophos Endpoint Protection (Intercept X)
Read MoreSophos Endpoint Protection (Intercept X)
Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.
The integration retrieves detailed information on Sophos Intercept X managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Symantec Endpoint Protection – Broadcom
Read MoreSymantec Endpoint Protection – Broadcom
Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.
Use Cases
- Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Taegis XDR
Read MoreTaegis XDR
Taegis XDR (formerly Secureworks Red Cloak Threat Detection & Response) is a threat-intelligence-based security analytics platform with built-in security context developed by Secureworks, a cybersecurity company. It offers advanced threat detection, investigation, and response capabilities across multiple endpoints, networks and cloud environments.
Use Cases
Endpoints data enrichment:
- Full visibility of all Taegis XDR endpoints.
- Correlation of Taegis XDR endpoints with other data sources (such as Active Directory, WLCs).
- Additional data related to Network Interfaces associated with the Endpoints.
Compliance:
- The Creation Time and the Last Seen Time of the Taegis XDR endpoints.
Trellix FireEye Endpoint Protection
Read MoreTrellix FireEye Endpoint Protection
Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.
Use Cases
- Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
- Verify compliance with FireEye security policies by discovering the following:
- Missing or malfunctioning FireEye agents
- FireEye agents running out-of-date software versions
- Devices that are not running a FireEye agent
- Identify the last logged-in device user
Trend Micro Apex One
Read MoreTrend Micro Apex One
Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.
The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Trend Micro Cloud One
Read MoreTrend Micro Cloud One
Utilize the Armis Trend Micro Deep Security Integration with the URL from your region described here https://cloudone.trendmicro.com/docs/identity-and-account-management/c1-regions/
Example for the US: https://workload.us-1.cloudone.trendmicro.com/
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Trend Micro Deep Security
Read MoreTrend Micro Deep Security
Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
VMware Carbon Black
Read MoreVMware Carbon Black
VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.
Use Cases
- Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
- Detect compliance of missing or malfunctioning Carbon Black Defense agents
- Detect Carbon Black Defense agents running out-of-date software versions
- Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
- Identify the last logged-in device user
Enforcement
Aruba ClearPass
Read MoreAruba ClearPass
Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.
Use Cases
- Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
- The retrieved information is correlated with other data sources
- Detect missing or malfunctioning agents
- Detect out-of-life or out-of-support agent versions
- Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass
Cisco ISE PxGrid
Read MoreCisco ISE PxGrid
Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.
Learn more about our integration with Cisco ISEDynatrace
Read MoreDynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
Compliance
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
Forescout
Read MoreForescout
This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.
Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.
The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.
Palo Alto Networks List Management
Read MorePalo Alto Networks List Management
Palo Alto Networks List Management integration.
Use Cases
- Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement
- Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies
Torq
Read MoreTorq
The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.
Use Case
Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.
These complementary abilities enable the following—and more:
- Automatic enforcement of endpoint-agent coverage
- Faster threat mitigation and threat remediation
- Reducing risks through orchestrated vulnerability response and vulnerability remediation
Firewall & NAC
Aruba ClearPass
Read MoreAruba ClearPass
Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.
Use Cases
- Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
- The retrieved information is correlated with other data sources
- Detect missing or malfunctioning agents
- Detect out-of-life or out-of-support agent versions
- Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass
Check Point IoT
Read MoreCheck Point IoT
Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.
Use Cases
- Analyze traffic logs.
- Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.
- Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.
Cisco ASA
Read MoreCisco ASA
The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.
Use Cases
- Retrieve information on all Cisco ASA devices and correlate it with other data sources.
- Collect information of the operating system running on the device.
Cisco ISE PxGrid
Read MoreCisco ISE PxGrid
Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.
Learn more about our integration with Cisco ISEForescout
Read MoreForescout
This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.
Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.
The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.
FortiGate
Read MoreFortiGate
Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies
Use Cases
- Retrieve detailed information on all Fortinet Fortigate related devices in the Armis Platform and correlate them with other data sources
- Identify logged-in users
Fortinet FortiManager Enforcement
Read MoreFortinet FortiManager Enforcement
FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. FortiManager provides centralized policy-based provisioning and configuration management for FortiGate, FortiWiFi, FortiAP, and other devices.
Use Cases
- Device IP enforcement
Fortinet FortiNAC
Read MoreFortinet FortiNAC
FortiNAC is a zero-trust access solution that oversees and protects all digital assets connected to the enterprise network, covering devices ranging from IT, IoT, OT/ICS, to IoMT. With network access control that enhances the Fortinet Security Fabric, FortiNAC delivers visibility, control, and automated response for everything that connects to the network. FortiNAC provides protection against IoT threats, extends control to third-party network devices, and orchestrates automatic response to a wide range of network events.
This integration fetches useful information from FortiNAC. FortiNAC discovers all connected devices in your network, controls their access to network resources, and responds to security vulnerabilities automatically.
Use Cases
Device data enrichment:
- Full visibility of all FortiNAC hosts and devices
- Correlation of FortiNAC hosts and devices with other data sources (such as Active Directory,
WLCs)
Compliance:
- The criticality of FortiNAC managed assets
- Applications installed on the hosts
- View the last time the device was seen
Illumio
Read MoreIllumio
Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security mode to segment network traffic and prevents lateral movement of cyber threats within an organization’s network.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Illumio.
Palo Alto Networks GlobalProtect
Read MorePalo Alto Networks GlobalProtect
Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.
Use Cases
- Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
- Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
- Enrich existing devices with traffic data from their VPN network connections
- Provide detailed information on all GlobalProtect related devices and correlate it with other data sources
Palo Alto Networks List Management
Read MorePalo Alto Networks List Management
Palo Alto Networks List Management integration.
Use Cases
- Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement
- Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies
Palo Alto Networks Panorama
Read MorePalo Alto Networks Panorama
The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.
Use Cases
- Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
- Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)
Healthcare
Medical Disclosure Statement (MDS2)
Read MoreMedical Disclosure Statement (MDS2)
MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.
Use Cases
- View MDS2 privacy and security attributes mapped to assets and to assess risk
The MDS2 integration is automatically enabled for Armis customers
US Food & Drug Administration (FDA)
Read MoreUS Food & Drug Administration (FDA)
The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.
Use Cases
- Identify assets on FDA recall lists
The FDA integration is automatically enabled for Armis customers
Identity Management
Duo Beyond
Read MoreDuo Beyond
Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, block untrusted endpoints, and give users secure access to internal applications without using VPNs.
Use Cases
- Identify Duo users
- Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
- Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
- Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
- Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.
Okta
Read MoreOkta
Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.
Use Cases
- Provide detailed device information and correlate it with other data sources
- Retrieve and collect user data
- Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory
OneLogin
Read MoreOneLogin
OneLogin’s unified access management platform centralizes access across cloud environments to give full control, management, and security for data, devices, and users.
Use Cases
User enrichment:
- Full visibility of all the users from OneLogin
- Correlation of OneLogin users with other data sources (such as Okta, Duo Beyond and Active Directory)
Infrastructure
Oracle
Read MoreOracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Manufacturing
Rockwell Engineering Workstation (EWS)
Read MoreRockwell Engineering Workstation (EWS)
Rockwell Automation is a provider of industrial automation and information technology.
Use Cases
- Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
- Provide enhanced information on slots and nested devices
Siemens Engineering Workstation (EWS)
Read MoreSiemens Engineering Workstation (EWS)
Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.
The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS managers. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data a complete picture of the Operational Technology (OT) and Industrial Control Systems (ICS) environment is now possible.
Use Cases
- Fast enrichment of Siemens devices using Siemens Software Engineering files
- Full inventory information enrichment of existing devices-profile, modules information, etc.
- Creation of nested devices not visible to Armis through traffic inspection
Risk Assessment
BlackBerry Cybersecurity CylancePROTECT
Read MoreBlackBerry Cybersecurity CylancePROTECT
BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.
Use Cases
Retrieve detailed information on CylancePROTECT managed devices.
- The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.
Verify compliance with CylancePROTECT security policies by discovering the following:
- Missing or malfunctioning CylancePROTECT agents
- CylancePROTECT agents running out-of-date software versions
- Devices that are not running a CylancePROTECT agent
- Identify the last logged-in device user
Check Point IoT
Read MoreCheck Point IoT
Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.
Use Cases
- Analyze traffic logs.
- Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.
- Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.
CrowdStrike
Read MoreCrowdStrike
CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.
Use Cases
Retrieve detailed information on CrowdStrike managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with CrowdStrike security policies by discovering the following:
- Missing or malfunctioning CrowdStrike agents
- CrowdStrike agents running out-of-date software versions
- Devices that are not running a CrowdStrike agent
- Identify the last logged-in device user
Dropbox
Read MoreDropbox
Dropbox is a SaaS file sharing and cloud storage platform.
Use Cases
- Import user accounts
- Import user activities
Duo Beyond
Read MoreDuo Beyond
Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, block untrusted endpoints, and give users secure access to internal applications without using VPNs.
Use Cases
- Identify Duo users
- Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
- Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
- Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
- Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.
Infoblox DDI Syslog
Read MoreInfoblox DDI Syslog
Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.
Use Cases
- Provide information on all Infoblox DDI related devices and correlate it with other data sources.
- Verify device compliance with Infoblox DDI policies:
- Detect devices missing vulnerability scans and patches
- Detect unmanaged devices
- Use correlation with other data sources to detect vulnerable software
- Verify user privileges
McAfee ePO
Read MoreMcAfee ePO
McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.
Use Cases
- Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Microsoft Defender for Endpoint
Read MoreMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Microsoft System Center Configuration Manager (SCCM) & Bitlocker
Read MoreMicrosoft System Center Configuration Manager (SCCM) & Bitlocker
Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.
Use Cases
- Gain full application visibility on managed SCCM devices, including offline applications.
- Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
- Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.
NHS Cyber Alerts
Read MoreNHS Cyber Alerts
NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts
Use Cases
- Matching alerts with devices
- Visualise NHS Cyber Alerts and their affected devices
- Prioritization with Armis Asset Vulnerability Management (AVM)
- Status tracking
Nuvolo
Read MoreNuvolo
Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory , as well as asset management ones.
Use Cases
Enrich existing Armis devices with data exposed by Nuvolo:
- Asset Tag
- Asset State
- Operation Status
- Owning Department
- Install Date
- Is Critical
- End of Support
- End of Life
Verify compliance with Nuvolo policies by detecting:
- Missing or malfunctioning Nuvolo agents
- Nuvolo agents running out-of-date software versions
- Devices that are not running a Nuvolo agent, such as:
- Active Directory Computers or Corporate devices without a Nuvolo agent installed. Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.
- Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
- Identify the last logged-in device user.
Palo Alto Cortex XDR
Read MorePalo Alto Cortex XDR
Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.
The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Networks GlobalProtect
Read MorePalo Alto Networks GlobalProtect
Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.
Use Cases
- Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
- Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
- Enrich existing devices with traffic data from their VPN network connections
- Provide detailed information on all GlobalProtect related devices and correlate it with other data sources
Qualys
Read MoreQualys
The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.
Use Cases
- Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
- Verify device compliance with Qualys security policies by detecing:
- Devices missing vulnerability scans and patches
- Unmanaged devices.
- Initiate vulnerability scans based on automated Armis policies
Rapid7 InsightVM
Read MoreRapid7 InsightVM
Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Use Cases
- Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
- Verify device compliance with Rapid7 InsightVM security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices
- Vulnerable software (in conjunction with other data sources)
- Verify user privileges
- Initiate vulnerability scans based on automated Armis policies
SentinelOne
Read MoreSentinelOne
The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.
Use Case
- Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
- Verify device compliance with Sentinel One policies by detecting:
- Missing or malfunctioning Sentinel One agents
- Sentinel One agents running out-of-date software versions
- Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
- Identify the last logged-in device user
Sophos Endpoint Protection (Intercept X)
Read MoreSophos Endpoint Protection (Intercept X)
Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.
The integration retrieves detailed information on Sophos Intercept X managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Symantec Endpoint Protection – Broadcom
Read MoreSymantec Endpoint Protection – Broadcom
Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.
Use Cases
- Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Tanium Interact
Read MoreTanium Interact
The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
Use Cases
- Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
- Compliance:
- Detection of missing or malfunctioning Tanium Interact agents
- Detection of Tanium Interact agents running out-of-date software versions
- Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
- Ability to view the last logged-in device user
Tenable.io
Read MoreTenable.io
Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration — Initiating vulnerability scans based on automated Armis policies
Tenable.sc
Read MoreTenable.sc
Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration—Initiating vulnerability scans based on automated Armis policies
Trellix FireEye Endpoint Protection
Read MoreTrellix FireEye Endpoint Protection
Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.
Use Cases
- Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
- Verify compliance with FireEye security policies by discovering the following:
- Missing or malfunctioning FireEye agents
- FireEye agents running out-of-date software versions
- Devices that are not running a FireEye agent
- Identify the last logged-in device user
Trend Micro Apex One
Read MoreTrend Micro Apex One
Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.
The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
VMware Carbon Black
Read MoreVMware Carbon Black
VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.
Use Cases
- Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
- Detect compliance of missing or malfunctioning Carbon Black Defense agents
- Detect Carbon Black Defense agents running out-of-date software versions
- Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
- Identify the last logged-in device user
SaaS Applications
Dropbox
Read MoreDropbox
Dropbox is a SaaS file sharing and cloud storage platform.
Use Cases
- Import user accounts
- Import user activities
Security ScoreCard
Read MoreSecurity ScoreCard
SecurityScorecard helps companies rate and understand any company’s security risk.
VIPR pro ingests, deduplicates and contextualizes host and web application vulnerability findings from SecurityScorecard to; prioritize based on risk and business impact through association with enriched asset profiles; operationalize the remediation process through remediaton ownership assignment and automated ticket generation and monitoring.
Secrets Managers
CyberArk
Read MoreCyberArk
CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.
Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures.
The integration between Armis and CyberArk allows customers to leverage CyberArk’s advanced secrets management functionalities while seamlessly integrating with the Armis platform to maintain secure operations and compliance.
SOAR
Siemplify
Read MoreSiemplify
Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.
Switch
Network Mapper
Read MoreNetwork Mapper
Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.
Use Cases
- Identify network equipment
- Retrieve ARP tables
Switch/SPAN
Read MoreSwitch/SPAN
Use Cases
- Inspect traffic
- Monitor activities
- Track connections
- Provide relevant data for accurate device identification
- Assist in user association
Threat Detection & Response
Netskope
Read MoreNetskope
Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.
Use Cases
- Enrichment of existing Armis devices with data exposed by Netskope.
Palo Alto Networks Panorama
Read MorePalo Alto Networks Panorama
The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.
Use Cases
- Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
- Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)
Vulnerability Assessment
Black Duck by Synopsys
Read MoreBlack Duck by Synopsys
Black Duck helps manage the security, quality, and license compliance risks for open source and third-party code.
VIPR Pro ingests, normallizes and correlates Black findings to: identify, group and prioritize code package vulnerabilities; operationalize remediation workflows and fix guidance for for application teams and developers.
Bugcrowd
Read MoreBugcrowd
Bugcrowd safeguards organizations’ assets from sophisticated threat actors before by uniting customers with trusted hackers.
VIPR Pro ingests, normallizes and correlates Bugcrowd’s crowdsourced security alerts to: contextualize and associate Bugcrowd alerts with impacted assets to prioritize risk remediation actiions: assign ownership and track remediation task status through bidirectional integration with ticketing systems.
Common Vulnerabilities and Exposures (CVE)
Read MoreCommon Vulnerabilities and Exposures (CVE)
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.
The CVE integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Cybersecurity and Infrastructure Security Agency (CISA)
Read MoreCybersecurity and Infrastructure Security Agency (CISA)
Cybersecurity and Infrastructure Security Agency (CISA) manages a catalog of Known Exploited Vulnerabilities (KEV) and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.
Use Cases
- Audit vulnerability remediation by the CISA Due Date
The CISA KEV integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Exploit Prediction Scoring System (EPSS)
Read MoreExploit Prediction Scoring System (EPSS)
The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Their goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
The EPSS integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Google Project Zero
Read MoreGoogle Project Zero
Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.
The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Medical Disclosure Statement (MDS2)
Read MoreMedical Disclosure Statement (MDS2)
MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.
Use Cases
- View MDS2 privacy and security attributes mapped to assets and to assess risk
The MDS2 integration is automatically enabled for Armis customers
MITRE ATT&CK®
Read MoreMITRE ATT&CK®
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
The MITRE ATT&CK® integration is automatically enabled for Armis customers.
National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD)
Read MoreNational Institute of Standards and Technology (NIST) National Vulnerability Database (NVD)
The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
The NIST NVD integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
NHS Cyber Alerts
Read MoreNHS Cyber Alerts
NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts
Use Cases
- Matching alerts with devices
- Visualise NHS Cyber Alerts and their affected devices
- Prioritization with Armis Asset Vulnerability Management (AVM)
- Status tracking
Qualys
Read MoreQualys
The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.
Use Cases
- Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
- Verify device compliance with Qualys security policies by detecing:
- Devices missing vulnerability scans and patches
- Unmanaged devices.
- Initiate vulnerability scans based on automated Armis policies
Rapid7 InsightVM
Read MoreRapid7 InsightVM
Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Use Cases
- Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
- Verify device compliance with Rapid7 InsightVM security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices
- Vulnerable software (in conjunction with other data sources)
- Verify user privileges
- Initiate vulnerability scans based on automated Armis policies
Rapid7 InsightVM Cloud
Read MoreRapid7 InsightVM Cloud
Rapid7 InsightVM Cloud is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation.
Rapid7 Nexpose Data Warehouse
Read MoreRapid7 Nexpose Data Warehouse
Rapid7 Nexpose is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. Rapid7 offers a data warehouse solution.
Use Cases
Device data enrichment:
- Full visibility of all Rapid7 Nexpose related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Detection of vulnerable software by using correlations with other data sources
runZero
Read MorerunZero
runZero provides visibility into enterprises’ external attack surface.
VIPR Pro ingests, normalises and deduplicates asset data from runZero to: centralize asset inventory, enrich asset management profiles with custom metadata for adaptable prioritization.
Tanium Comply
Read MoreTanium Comply
Tanium Comply conducts vulnerability and compliance assessments against operating systems, applications, software supply chain, and security configurations and policies.
The Tanium Comply integration imports CVE data (that is, asset vulnerabilities) about the assets that the associated Tanium Comply instance manages.
Use Case
- Integrate Tanium Comply CVE findings into Armis, prioritize them against other CVE findings in the organization, open tickets, and track their remediation process.
Tenable.io
Read MoreTenable.io
Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration — Initiating vulnerability scans based on automated Armis policies
Tenable.sc
Read MoreTenable.sc
Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration—Initiating vulnerability scans based on automated Armis policies
Tor
Read MoreTor
The Tor network is a system that facilitates anonymous communication by concealing a user’s Internet Protocol (IP) address through encryption and a series of self-described anonymous and private connections. The Tor network receives its name from the original software project it is based upon, ‘The onion router’.
Use Cases
- Alert to Tor traffic on the corporate network
- The Tor integration is automatically enabled for Armis customers
US Food & Drug Administration (FDA)
Read MoreUS Food & Drug Administration (FDA)
The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.
Use Cases
- Identify assets on FDA recall lists
The FDA integration is automatically enabled for Armis customers
VirusTotal
Read MoreVirusTotal
VirusTotal analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. Their goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers and end users of all kinds.
The VirusTotal integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
WLC
Aruba Central
Read MoreAruba Central
Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba Instant
Read MoreAruba Instant
Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba WLC
Read MoreAruba WLC
Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Use Cases
Device Enrichment – view, search and visualize:
- Access points & switches managed by Aruba WLC
- Wireless Clients
- Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
- Visibility: View current and historic wireless connections between devices and access points
- Define policies on abnormal connections
- Detect rogue access points
Cambian cnMaestro
Read MoreCambian cnMaestro
Cambium Networks cnMaestro is a cloud-based Wi-Fi management solution that provides monitoring
wireless traffic, wireless device details, and providing real-time visibility into the network.
Use Cases
Device enrichment:
- View, search, and visualize access points managed by Cambium cnMaestro WLC
- Enhance information on access points, such as serial number, firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or directly to the access points
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Cisco Catalyst WLC
Read MoreCisco Catalyst WLC
A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.
Use Cases
- Retrieve information on all Cisco WLC devices and correlate it with other data sources.
Cisco DNA Center
Read MoreCisco DNA Center
Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.
Use Cases
- Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
- Enrichment of existing Armis devices with data exposed by Cisco DNA Center
Cisco Meraki
Read MoreCisco Meraki
Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.
Learn more about our integration with Cisco MerakiExtreme CloudiQ
Read MoreExtreme CloudiQ
ExtremeCloud IQ is an industry-leading approach to cloud-driven networking, designed to take full advantage of Extreme’s end-to-end networking solutions. It delivers unified, full-stack management of access points, switches, and SD-WAN. ExtremeCloud IQ uses innovative ML technologies to analyze and interpret millions of network and user data points, from the edge to the data center, to power actionable business and IT insights. This innovative platform streamlines operations by delivering new levels of network automation and intelligence.
Use Cases
Device data enrichment:
- Full visibility of all ExtremeCloud IQ devices and its associated clients.
- Correlation of ExtremeCloud IQ clients and devices with other data sources (such as Active Directory, and WLCs).
Compliance:
- The number of clients connected to the device.
- Location of the assets.
- View the last time the device was seen.
Extreme WLC
Read MoreExtreme WLC
Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.
Hewlett Packard (HP) WLC
Read MoreHewlett Packard (HP) WLC
The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.
Use Cases
- Provide detailed information on HP WLC equipment, including its identification and profile
- Collect information on HP WLC-managed Access Points (APs)
- Fetch detailed information on Clients (endpoints) that connect to Access Points.
- Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
- Map which endpoints are connected to which APs in the network
Juniper Mist
Read MoreJuniper Mist
Juniper Mist is a cloud-based Wi-Fi management solution that provides monitoring wireless traffic, wireless device details, and providing real-time visibility into the network.
Use Cases
Device Enrichment:
- View, search, and visualize access points and switches managed by Mist WLC
- Enhance information on access points and switches, such as serial number firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or via Mist-managed switches
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Armis Centrix™
Absolute
Read MoreAbsolute
Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.
Airgap
Read MoreAirgap
Airgap provides asset discovery for every device on your network, ML-driven network threat and performance monitoring at scale. And unlike “”observer” solutions, Airgap can take instant action to remedy risks.
This integration fetches useful information from the Airgap assets. The integration uses the Airgap rest API to fetch the information from the Airgap assets.
Use Cases
Device data enrichment:
- Full visibility of all Airgap assets
- Correlation of Airgap assets with other data sources (such as Active Directory, WLCs)
Compliance:
- The Creation Time and the Last Seen Time of the Airgap assets
Airlock Digital
Read MoreAirlock Digital
The Airlock Digital platform is a cybersecurity solution that focuses on application whitelisting and control. It helps organizations prevent unauthorized applications from running on their systems, improving their security posture. The platform provides a centralized management console for creating and managing application whitelists, as well as monitoring and reporting on application usage.
Alaris Medical
Read MoreAlaris Medical
The Alaris Integration provides full visibility into the Alaris system for inventory, security and utilization
Use Cases
- Ingest the Alaris Server configuration
- Provide full device identification – S/N, model, FW
- Show utilization & operational activity
Amazon Web Services (AWS)
Read MoreAmazon Web Services (AWS)
Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Use Cases
Device data enrichment:
- Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.
Compliance:
- Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).
Aruba Central
Read MoreAruba Central
Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba ClearPass
Read MoreAruba ClearPass
Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.
Use Cases
- Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
- The retrieved information is correlated with other data sources
- Detect missing or malfunctioning agents
- Detect out-of-life or out-of-support agent versions
- Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass
Aruba Instant
Read MoreAruba Instant
Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba WLC
Read MoreAruba WLC
Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Use Cases
Device Enrichment – view, search and visualize:
- Access points & switches managed by Aruba WLC
- Wireless Clients
- Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
- Visibility: View current and historic wireless connections between devices and access points
- Define policies on abnormal connections
- Detect rogue access points
Atlassian Jira – Email Ticketing
Read MoreAtlassian Jira – Email Ticketing
Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.
Use Cases
The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.
BACnet
Read MoreBACnet
BACnet is a communication protocol for building automation and control (BAC) networks.
Use Cases
- Security and operational
The BACnet integration is automatically enabled for Armis customers
BigFix
Read MoreBigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
BlackBerry Cybersecurity CylancePROTECT
Read MoreBlackBerry Cybersecurity CylancePROTECT
BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.
Use Cases
Retrieve detailed information on CylancePROTECT managed devices.
- The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.
Verify compliance with CylancePROTECT security policies by discovering the following:
- Missing or malfunctioning CylancePROTECT agents
- CylancePROTECT agents running out-of-date software versions
- Devices that are not running a CylancePROTECT agent
- Identify the last logged-in device user
BlueCat DHCP
Read MoreBlueCat DHCP
BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
- Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.
BMC Helix Configuration Management Database (CMDB)
Read MoreBMC Helix Configuration Management Database (CMDB)
The BMC Helix Configuration Management Database (CMDB) enriches ecosystem workflow with a business aware, single source of reference for your assets and services.
Use Cases
- Retrieve detailed information about BMC CMDB-inventory CIs
- Enrichment of existing Armis devices with data exposed by BMC CMDB
Cambian cnMaestro
Read MoreCambian cnMaestro
Cambium Networks cnMaestro is a cloud-based Wi-Fi management solution that provides monitoring
wireless traffic, wireless device details, and providing real-time visibility into the network.
Use Cases
Device enrichment:
- View, search, and visualize access points managed by Cambium cnMaestro WLC
- Enhance information on access points, such as serial number, firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or directly to the access points
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Check Point Harmony (Sandblast)
Read MoreCheck Point Harmony (Sandblast)
Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Use Cases
- Device data enrichment
- Full visibility of all Check Point Harmony Endpoint managed devices
- Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)
Compliance
- The compliance status of Check Point Harmony Endpoint managed devices
- Isolation status of Check Point Harmony Endpoint managed devices
- View the groups in which the devices are located
- View the last time the device was accessed
Check Point IoT
Read MoreCheck Point IoT
Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.
Use Cases
- Analyze traffic logs.
- Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.
- Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.
Chef
Read MoreChef
The integration between Armis and Chef helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Case
Retrieve detailed information on Chef managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with Chef security policies by discovering the following:
- Missing or malfunctioning Chef agents
- Chef agents running out-of-date software versions
- Devices that are not running a Chef agent
- Identify the last logged-in device user
Cisco ASA
Read MoreCisco ASA
The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.
Use Cases
- Retrieve information on all Cisco ASA devices and correlate it with other data sources.
- Collect information of the operating system running on the device.
Cisco Catalyst WLC
Read MoreCisco Catalyst WLC
A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.
Use Cases
- Retrieve information on all Cisco WLC devices and correlate it with other data sources.
Cisco Cyber Vision
Read MoreCisco Cyber Vision
Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments
Cisco DNA Center
Read MoreCisco DNA Center
Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.
Use Cases
- Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
- Enrichment of existing Armis devices with data exposed by Cisco DNA Center
Cisco ISE PxGrid
Read MoreCisco ISE PxGrid
Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.
Learn more about our integration with Cisco ISECisco Meraki
Read MoreCisco Meraki
Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.
Learn more about our integration with Cisco MerakiCisco Secure Endpoint
Read MoreCisco Secure Endpoint
Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.
Cisco Secure Workload
Read MoreCisco Secure Workload
Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.
This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.
Cisco UCS
Read MoreCisco UCS
The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.
This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.
Cisco Umbrella
Read MoreCisco Umbrella
Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.
The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.
Cisco Vulnerability Management (Formerly Kenna)
Read MoreCisco Vulnerability Management (Formerly Kenna)
Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.
Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.
Users can apply Armis Standard Query ASQ filters when fetching device information.
The integration requires an Armis Asset Vulnerability Management (AVM) license.
Common Vulnerabilities and Exposures (CVE)
Read MoreCommon Vulnerabilities and Exposures (CVE)
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.
The CVE integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
ConnectWise Automate
Read MoreConnectWise Automate
ConnectWise Automate is a comprehensive remote monitoring and management (RMM) software designed to streamline IT service delivery and enhance the efficiency of IT operations. Its robust features include remote control, patch management, asset management, automated ticketing, and extensive reporting capabilities. These features help MSPs manage complex networks and deliver reliable IT support to their clients. This provides a fully integrated identity lifecycle with device management, patch management, and system insights across Apple, Windows, and Linux operating systems.
The integration between Armis and ConnectWise Automate further enhances customer capabilities by leveraging asset management data as a data source.
Cradlepoint NetCloud
Read MoreCradlepoint NetCloud
Cradlepoint’s NetCloud Manager is a network service management software platform that uses wireless cellular routers to allow its users to harness the power of LTE and 5G cellular networks to grant access to their network and ensure the security of the network and its users.
CrowdStrike
Read MoreCrowdStrike
CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.
Use Cases
Retrieve detailed information on CrowdStrike managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with CrowdStrike security policies by discovering the following:
- Missing or malfunctioning CrowdStrike agents
- CrowdStrike agents running out-of-date software versions
- Devices that are not running a CrowdStrike agent
- Identify the last logged-in device user
CSV
Read MoreCSV
Upload CSV data to manually import new assets or add asset attributes for contextual analysis.
CyberArk
Read MoreCyberArk
CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.
Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures.
The integration between Armis and CyberArk allows customers to leverage CyberArk’s advanced secrets management functionalities while seamlessly integrating with the Armis platform to maintain secure operations and compliance.
Cybereason
Read MoreCybereason
Cybereason EDR provides comprehensive threat protection by continuously monitoring and analyzing activities to detect and neutralize ransomware, malware, fileless attacks, and in-memory threats.
Use Cases
Sensors data enrichment:
- Full visibility of all Cybereason EDR sensors.
- Correlation of Cybereason EDR sensors with other data sources (such as Active Directory, WLCs).
- Additional data related to network interfaces associated with the sensors.
Compliance:
- The First Seen and the Last Seen times of the Cybereason EDR sensors.
Cybersecurity and Infrastructure Security Agency (CISA)
Read MoreCybersecurity and Infrastructure Security Agency (CISA)
Cybersecurity and Infrastructure Security Agency (CISA) manages a catalog of Known Exploited Vulnerabilities (KEV) and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.
Use Cases
- Audit vulnerability remediation by the CISA Due Date
The CISA KEV integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Device42
Read MoreDevice42
Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Device42.
Dropbox
Read MoreDropbox
Dropbox is a SaaS file sharing and cloud storage platform.
Use Cases
- Import user accounts
- Import user activities
Duo Beyond
Read MoreDuo Beyond
Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, block untrusted endpoints, and give users secure access to internal applications without using VPNs.
Use Cases
- Identify Duo users
- Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
- Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
- Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
- Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.
Dynatrace
Read MoreDynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
Compliance
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
EfficientIP SOLIDserver DDI
Read MoreEfficientIP SOLIDserver DDI
EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.
Elastic Defend
Read MoreElastic Defend
Elastic Defend provides organizations with prevention, detection, and response capabilities with deep visibility for EPP, EDR, SIEM, and Security Analytics use cases across Windows, macOS, and Linux operating systems running on both traditional endpoints and public cloud environments.
Use Cases
Device data enrichment:
- Full visibility of all Elastic Defend endpoints.
- Correlation of Elastic Defend devices with other data sources (such as Active Directory, WLCs).
Compliance:
- The criticality and Active status of Elastic Defend managed devices.
- View the last time the device was seen.
Eseye
Read MoreEseye
Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.
Use Cases
- Discover and display insights of any Eseye connected IoT device
Exabeam
Read MoreExabeam
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Exploit Prediction Scoring System (EPSS)
Read MoreExploit Prediction Scoring System (EPSS)
The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Their goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
The EPSS integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Extreme CloudiQ
Read MoreExtreme CloudiQ
ExtremeCloud IQ is an industry-leading approach to cloud-driven networking, designed to take full advantage of Extreme’s end-to-end networking solutions. It delivers unified, full-stack management of access points, switches, and SD-WAN. ExtremeCloud IQ uses innovative ML technologies to analyze and interpret millions of network and user data points, from the edge to the data center, to power actionable business and IT insights. This innovative platform streamlines operations by delivering new levels of network automation and intelligence.
Use Cases
Device data enrichment:
- Full visibility of all ExtremeCloud IQ devices and its associated clients.
- Correlation of ExtremeCloud IQ clients and devices with other data sources (such as Active Directory, and WLCs).
Compliance:
- The number of clients connected to the device.
- Location of the assets.
- View the last time the device was seen.
Extreme WLC
Read MoreExtreme WLC
Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.
Flexera One
Read MoreFlexera One
Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.
Flexera Spider
Read MoreFlexera Spider
Flexera Spider provides IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
Armis utilizes this integration to enrich the device inventory with information received from Flexera Spider.
Forcepoint DLP
Read MoreForcepoint DLP
Forcepoint Data Loss Prevention (DLP) is a security solution designed to protect sensitive data from unauthorized access and breaches. It identifies, classifies, and monitors data across various environments, enforcing policies to ensure compliance and data integrity.
By analyzing user behavior and providing real-time protection, Forcepoint DLP helps prevent data loss incidents. It is essential for organizations to safeguard critical information and maintain regulatory compliance.
This integration collects information from endpoints, using the Forcepoint DLP database to retrieve the information.
Use Cases
Device data enrichment:
- Full visibility of all Forcepoint DLP endpoints.
- Correlation of Forcepoint DLP endpoints with other data sources (such as Active Directory and WLCs).
Compliance:
- The criticality status of Forcepoint DLP managed devices.
- The Active status of Forcepoint DLP managed devices.
- View the last seen timestamp of the device.
Forescout
Read MoreForescout
This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.
Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.
The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.
FortiGate
Read MoreFortiGate
Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies
Use Cases
- Retrieve detailed information on all Fortinet Fortigate related devices in the Armis Platform and correlate them with other data sources
- Identify logged-in users
Fortinet FortiManager Enforcement
Read MoreFortinet FortiManager Enforcement
FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. FortiManager provides centralized policy-based provisioning and configuration management for FortiGate, FortiWiFi, FortiAP, and other devices.
Use Cases
- Device IP enforcement
Fortinet FortiNAC
Read MoreFortinet FortiNAC
FortiNAC is a zero-trust access solution that oversees and protects all digital assets connected to the enterprise network, covering devices ranging from IT, IoT, OT/ICS, to IoMT. With network access control that enhances the Fortinet Security Fabric, FortiNAC delivers visibility, control, and automated response for everything that connects to the network. FortiNAC provides protection against IoT threats, extends control to third-party network devices, and orchestrates automatic response to a wide range of network events.
This integration fetches useful information from FortiNAC. FortiNAC discovers all connected devices in your network, controls their access to network resources, and responds to security vulnerabilities automatically.
Use Cases
Device data enrichment:
- Full visibility of all FortiNAC hosts and devices
- Correlation of FortiNAC hosts and devices with other data sources (such as Active Directory,
WLCs)
Compliance:
- The criticality of FortiNAC managed assets
- Applications installed on the hosts
- View the last time the device was seen
Google Chronicle
Read MoreGoogle Chronicle
Chronicle is a cybersecurity telemetry platform for threat hunting, and threat intelligence and is part of the Google Cloud Platform. Chronicle stores log events it receives in two formats: either as the original raw log or structured Unified Data Model (UDM) log. There are two critical elements to consider for parsing, Unified Data Model (UDM) which defines the schema for parsing, and Configuration Based Normalizers (CBN) which describes how to log data is transformed to the UDM schema.
Chronicle Integration for Armis:
The Chronicle integration for Armis enables the transfer and parsing of Armis Alerts, Activities, Devices, and Vulnerabilities in the Chronicle. These parsed events can be utilized for search, reporting, and visualization workflows.
The ingestion script ingests the following 4 types of event categories:
- Armis Alerts
- Armis Activities
- Armis Devices
- Armis Vulnerabilities
Google Cloud Platform (GCP)
Read MoreGoogle Cloud Platform (GCP)
GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.
Use Cases
- Retrieve information on GCP related devices, including their identification and operating system details.
Google Endpoint Manager – ChromeOS
Read MoreGoogle Endpoint Manager – ChromeOS
Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.
The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Google Project Zero
Read MoreGoogle Project Zero
Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.
The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Hewlett Packard (HP) WLC
Read MoreHewlett Packard (HP) WLC
The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.
Use Cases
- Provide detailed information on HP WLC equipment, including its identification and profile
- Collect information on HP WLC-managed Access Points (APs)
- Fetch detailed information on Clients (endpoints) that connect to Access Points.
- Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
- Map which endpoints are connected to which APs in the network
IEEE – Organizationally Unique Identifier (OUI)
Read MoreIEEE – Organizationally Unique Identifier (OUI)
(Organizational Unique Identifier) The part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE.
Use Cases
- Assists in identifying assets by manfactuturer, type and category
The OUI integration is automatically enabled for Armis customers
Illumio
Read MoreIllumio
Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security mode to segment network traffic and prevents lateral movement of cyber threats within an organization’s network.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Illumio.
Infoblox DDI Syslog
Read MoreInfoblox DDI Syslog
Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.
Use Cases
- Provide information on all Infoblox DDI related devices and correlate it with other data sources.
- Verify device compliance with Infoblox DDI policies:
- Detect devices missing vulnerability scans and patches
- Detect unmanaged devices
- Use correlation with other data sources to detect vulnerable software
- Verify user privileges
Ivanti Endpoint Management (Landesk)
Read MoreIvanti Endpoint Management (Landesk)
Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.
Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.
Use Cases
- Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
- View the last inventory scan time of devices.
- View the last login time of devices.
Ivanti Neurons for MDM
Read MoreIvanti Neurons for MDM
Ivanti Neurons for MDM offers a robust mobile device management (MDM) solution designed to assist organizations in administering and safeguarding various mobile devices, such as smartphones, tablets, and computers. This unified management platform is compatible with a range of operating systems, including iOS, Android, macOS, ChromeOS, and Windows, allowing for seamless device management across diverse ecosystems.
Use Cases
Device data enrichment:
- Full visibility of all Ivanti Neurons for MDM devices.
- Correlation of Ivanti Neurons for MDM devices with other data sources (such as Active Directory and WLCs).
- Data related to network interfaces associated with the devices.
- Additional data related to applications associated with the devices.
User data enrichment:
- Full visibility of all Ivanti Neurons for MDM users.
Compliance:
- View the last check-in time of the Ivanti Neurons for MDM devices.
Jamf
Read MoreJamf
Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.
Use Cases
Provide detailed profile information on all Jamf managed devices, including:
- Last Check-in date
- Device name
- Network information
- Warranty status, etc.
- The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)
Verify device compliance with JAMF policies by detecting:
- Missing or malfunctioning Jamf agents
- Jamf agents running out-of-date software versionsevices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed
- Identify the last logged-in device user
Jumpcloud
Read MoreJumpcloud
JumpCloud provides secure, frictionless device and identity management. This gives a fully integrated identity lifecycle with multi-factor authentication, mobile device management, patch management, and system insights across Apple, Windows, and Linux operating systems. The integration between Armis and JumpCloud helps with asset management for identification, analysis, and risk assessment purposes.
Juniper Mist
Read MoreJuniper Mist
Juniper Mist is a cloud-based Wi-Fi management solution that provides monitoring wireless traffic, wireless device details, and providing real-time visibility into the network.
Use Cases
Device Enrichment:
- View, search, and visualize access points and switches managed by Mist WLC
- Enhance information on access points and switches, such as serial number firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or via Mist-managed switches
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Kaseya VSA
Read MoreKaseya VSA
Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.
Use Cases
- Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
- Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
- Identify the last logged-in device user.
Lansweeper
Read MoreLansweeper
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes.
LMNTRIX
Read MoreLMNTRIX
Lmntrix provides continuous monitoring and on-demand analysis of your network, helping you to prevent cyber attacks. The integration between Armis and Lmntrix further enhances customer capabilities by leveraging asset management data as a data source.
- Device data enrichment.
- Full visibility of all Lmntrix managed device profile information, such as the Last check-in date, device name, network information, and status.
- Full visibility of the entire Lmntrix asset inventory.
LogRhythm
Read MoreLogRhythm
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Malwarebytes
Read MoreMalwarebytes
Malwarebytes cloud-delivered endpoint detection and response (EDR), workload protection, by detection and protection against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.
Use Case
- Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.
ManageEngine – Endpoint Central
Read MoreManageEngine – Endpoint Central
ManageEngine Endpoint Central is a Unified Endpoint Management (UEM) and security software that comprehensively addresses the requirements of IT administrators. It helps IT administrators to perform patch management, software deployment, OS deployment and take remote control to troubleshoot devices. And with the help of endpoint security features, which includes vulnerability assessment, application control, device control, BitLocker management and browser security, IT administrators can safeguard their network endpoints. Furthermore, Endpoint Central integrates seamlessly with ManageEngine and other third-party solutions.
Use Cases
Device data enrichment:
- Full visibility of all ManageEngine Endpoint Central managed devices
- Correlation of ManageEngine Endpoint Central managed devices with other data sources (such as Active Directory, WLCs).
Compliance:
- The state of ManageEngine Endpoint Central managed devices
- The scan status of the ManageEngine Endpoint Central managed devices
- The agent status of the ManageEngine Endpoint Central managed devices
- View the last time the device was seen
McAfee ePO
Read MoreMcAfee ePO
McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.
Use Cases
- Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Medical Disclosure Statement (MDS2)
Read MoreMedical Disclosure Statement (MDS2)
MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.
Use Cases
- View MDS2 privacy and security attributes mapped to assets and to assess risk
The MDS2 integration is automatically enabled for Armis customers
Microsoft Active Directory
Read MoreMicrosoft Active Directory
Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.
Use Cases
Retrieve detailed information on all Active Directory users and machines
- The retrieved information is correlated with other data sources.
- Identify user access by device and timeline
- Fetch the details about user access per machine
- Obtain the status of each account
- Add third-party integrations to identify the last logged in user by device
Verify compliance with Active Directory security policies by detecting the following:
- Computers with the AD Account disabled
- Computer accounts with the AD Password set to Not Required or Never Expire
- Computers that are not configured to require any pre-authentication
Microsoft Azure
Read MoreMicrosoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
Use Cases
- Provide detailed information on Microsoft Azure VMs.
- Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).
Microsoft Azure Sentinel
Read MoreMicrosoft Azure Sentinel
The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.
The integration is provided as an Azure Marketplace App available here.
Microsoft Defender for Endpoint
Read MoreMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Microsoft DHCP
Read MoreMicrosoft DHCP
Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
- Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.
Microsoft Endpoint Manager (Intune)
Read MoreMicrosoft Endpoint Manager (Intune)
Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Microsoft Entra (formerly Azure AD)
Read MoreMicrosoft Entra (formerly Azure AD)
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.
Use Cases
- Enrichment of existing Armis devices with data exposed by Azure AD.
Compliance
- Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
- Associate users to devices.
- Ability to view the last logged-in device user.
Microsoft Hyper-V
Read MoreMicrosoft Hyper-V
Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.
This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.
Use Cases
Device data enrichment:
- Full visibility of all Microsoft Hyper-V managed VMs and Hosts
- Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)
Compliance:
- The creation time of Microsoft Hyper-V VMs
Microsoft System Center Configuration Manager (SCCM) & Bitlocker
Read MoreMicrosoft System Center Configuration Manager (SCCM) & Bitlocker
Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.
Use Cases
- Gain full application visibility on managed SCCM devices, including offline applications.
- Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
- Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.
MITRE ATT&CK®
Read MoreMITRE ATT&CK®
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
The MITRE ATT&CK® integration is automatically enabled for Armis customers.
Mosyle MDM
Read MoreMosyle MDM
Mosyle is a leading solution designed to empower educational institutions and businesses with seamless device management, security, and productivity features. Developed primarily for Apple devices, including iPhones, TVs, and Mac computers, Mosyle provides a comprehensive platform to efficiently manage large fleets of devices while optimizing the end-user experience.
This integration collects information for different types of devices such as iOS, Mac, and tvOS from Mosyle. It uses the Mosyle Devices API endpoint to get the information.
Use Cases
Device data enrichment:
- Full visibility of different types of Mosyle devices.
- Additional data related to network interfaces associated with the devices.
- Correlation of Mosyle devices with other data sources (such as Active Directory, WLCs).
- View the last time the device was seen.
National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD)
Read MoreNational Institute of Standards and Technology (NIST) National Vulnerability Database (NVD)
The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
The NIST NVD integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Nautobot
Read MoreNautobot
The integration between Armis and Nautobot helps customers with asset management as a data source for identification, network analysis, and risk-assessment purposes.
Netbox
Read MoreNetbox
The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Cases
- Provide detailed information on all NetBox related devices and correlate it with other data sources.
NetBrain
Read MoreNetBrain
NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.
Netskope
Read MoreNetskope
Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.
Use Cases
- Enrichment of existing Armis devices with data exposed by Netskope.
Network Mapper
Read MoreNetwork Mapper
Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.
Use Cases
- Identify network equipment
- Retrieve ARP tables
NHS Cyber Alerts
Read MoreNHS Cyber Alerts
NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts
Use Cases
- Matching alerts with devices
- Visualise NHS Cyber Alerts and their affected devices
- Prioritization with Armis Asset Vulnerability Management (AVM)
- Status tracking
NinjaOne
Read MoreNinjaOne
NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.
Use Cases
- Device data enrichment:
- Full visibility of all NinjaOne-managed devices
- Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)
Nutanix Prism
Read MoreNutanix Prism
Nutanix Prism is the control plane that simplifies and streamlines common workflows to make hypervisor and VM setup as easy as checking your email. This integration will fetch from the Prism API all information on the running VMs and Hosts in the environment.
Use Cases
- Provide detailed information on all Nutanix Prism-related devices and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
Nuvolo
Read MoreNuvolo
Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory , as well as asset management ones.
Use Cases
Enrich existing Armis devices with data exposed by Nuvolo:
- Asset Tag
- Asset State
- Operation Status
- Owning Department
- Install Date
- Is Critical
- End of Support
- End of Life
Verify compliance with Nuvolo policies by detecting:
- Missing or malfunctioning Nuvolo agents
- Nuvolo agents running out-of-date software versions
- Devices that are not running a Nuvolo agent, such as:
- Active Directory Computers or Corporate devices without a Nuvolo agent installed. Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.
- Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
- Identify the last logged-in device user.
Okta
Read MoreOkta
Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.
Use Cases
- Provide detailed device information and correlate it with other data sources
- Retrieve and collect user data
- Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory
OneLogin
Read MoreOneLogin
OneLogin’s unified access management platform centralizes access across cloud environments to give full control, management, and security for data, devices, and users.
Use Cases
User enrichment:
- Full visibility of all the users from OneLogin
- Correlation of OneLogin users with other data sources (such as Okta, Duo Beyond and Active Directory)
Oracle
Read MoreOracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Palo Alto Cortex XDR
Read MorePalo Alto Cortex XDR
Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.
The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Networks GlobalProtect
Read MorePalo Alto Networks GlobalProtect
Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.
Use Cases
- Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
- Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
- Enrich existing devices with traffic data from their VPN network connections
- Provide detailed information on all GlobalProtect related devices and correlate it with other data sources
Palo Alto Networks List Management
Read MorePalo Alto Networks List Management
Palo Alto Networks List Management integration.
Use Cases
- Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement
- Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies
Palo Alto Networks Panorama
Read MorePalo Alto Networks Panorama
The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.
Use Cases
- Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
- Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)
Palo Alto Prisma Access
Read MorePalo Alto Prisma Access
Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.
Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.
Prisma Access has to be configured to send HIP reports to Panorama for this to work
Palo Alto Prisma Cloud
Read MorePalo Alto Prisma Cloud
Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP
Phosphorus
Read MorePhosphorus
Phosphorus is an asset inventory and patch-management tool in OT.
The Phosphorus integration enables Armis users to view, consume, and leverage basic asset profile data from Phosphorus.
Puppet
Read MorePuppet
Puppet is an open source software configuration management and deployment tool.
Use Cases
- Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications
QRadar
Read MoreQRadar
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Qualys
Read MoreQualys
The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.
Use Cases
- Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
- Verify device compliance with Qualys security policies by detecing:
- Devices missing vulnerability scans and patches
- Unmanaged devices.
- Initiate vulnerability scans based on automated Armis policies
Quest KACE
Read MoreQuest KACE
Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.
Use Cases
- Device data enrichment:
- Full visibility of all Quest KACE managed devices
- Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)
Radia Endpoint Manager
Read MoreRadia Endpoint Manager
Radia is Endpoint Manager software that provides a unified way for organizations to manage constellation of endpoints, including PCs, servers, smartphones, thin clients, and VDIs to industry-specific devices such as ATMs, POS devices, and medical devices, from a single-pane-of-glass console.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Rapid7 InsightVM
Read MoreRapid7 InsightVM
Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Use Cases
- Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
- Verify device compliance with Rapid7 InsightVM security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices
- Vulnerable software (in conjunction with other data sources)
- Verify user privileges
- Initiate vulnerability scans based on automated Armis policies
Rapid7 InsightVM Cloud
Read MoreRapid7 InsightVM Cloud
Rapid7 InsightVM Cloud is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation.
Rapid7 Nexpose Data Warehouse
Read MoreRapid7 Nexpose Data Warehouse
Rapid7 Nexpose is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. Rapid7 offers a data warehouse solution.
Use Cases
Device data enrichment:
- Full visibility of all Rapid7 Nexpose related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Detection of vulnerable software by using correlations with other data sources
Red Hat Satellite
Read MoreRed Hat Satellite
Red Hat Satellite is a powerful tool for IT admin for a business or school, to manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Red Hat Satellite
Rockwell AssetCentre
Read MoreRockwell AssetCentre
Rockwell AssetCentre software is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information.
AssetCentre allows the organization to manage all existing Rockwell assets across the environment.
Armis integrates with AssetCentre to enrich existing devices with the info pulled from the AssetCentre server. Among the existing types of info that are available through the integration are:
- Identification of the Asset
- Enrichment of the Asset with basic profile fields such as network identifiers, model, and hostname
Rockwell Engineering Workstation (EWS)
Read MoreRockwell Engineering Workstation (EWS)
Rockwell Automation is a provider of industrial automation and information technology.
Use Cases
- Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
- Provide enhanced information on slots and nested devices
Rockwell ThinManager
Read MoreRockwell ThinManager
Rockwell ThinManager is a centralized platform allowing the organization to easily manage all existing ThinClients across the environment.
Armis integrates with ThinManager by using its API and enriches existing devices by the info pulled from the ThinManager server. Among the existing types of info that are available through the integration are:
- Identifying an Asset as a ThinClient and pulling basic profile info such as network identifiers, model, and hostname.
SaltStack
Read MoreSaltStack
SaltStack, also known as Salt, is a configuration management and orchestration tool.
Use Cases
- Provide detailed information on all SaltStack related devices and correlate it with other data sources
- Retrieve the details about the operating system running on a device
Saviynt Enterprise Identity Cloud
Read MoreSaviynt Enterprise Identity Cloud
Saviynt Enterprise Identity Cloud is a cloud identity and access governance platform.
Armis utilizes this integration to enrich the device inventory with device and application information.
Schneider Electric Ecostuxure
Read MoreSchneider Electric Ecostuxure
Connect to an EcoStruxure Building Operation Enterprise Server
SentinelOne
Read MoreSentinelOne
The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.
Use Case
- Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
- Verify device compliance with Sentinel One policies by detecting:
- Missing or malfunctioning Sentinel One agents
- Sentinel One agents running out-of-date software versions
- Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
- Identify the last logged-in device user
ServiceNow (Pull)
Read MoreServiceNow (Pull)
ServiceNow is a cloud-based software platform for IT Service Management (ITSM) that helps automate IT Business Management. It is designed based on ITIL guidelines to provide service orientation for tasks, activities, and processes.
Armis utilizes this integration to enrich the device inventory with device and user information.
Use Cases
- Retrieve detailed information on assets that are inventoried in ServiceNow
- Enrichment of existing Armis devices with data exposed by ServiceNow
- Identify assets discovered by Armis but not known to ServiceNow
ServiceNow Armis Security Incident
Read MoreServiceNow Armis Security Incident
Import Armis Alerts as ServiceNow Security Incidents.
The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.
- Open tickets automatically for unmanaged, IoT, OT, medical device incidents
- Import Security Incidents in near real-time
- Triage, prioritize, and close Armis Alerts from ServiceNow
- Stop threats efficiently with policy-based enforcements Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and update incidents for greater accuracy and efficiency.
- Import Armis Alerts as ServiceNow Security Incidents.
- Guided Setup and Embedded Help articles provide intuitive user experience.
- Integration Dashboards help contextualize and prioritize Armis Alerts.
ServiceNow CMDB
Read MoreServiceNow CMDB
Armis sends device information to the ServiceNow CMDB.
Learn more about our integration with ServiceNowServiceNow Incident Integration
Read MoreServiceNow Incident Integration
The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.
ServiceNow Ticketing
Read MoreServiceNow Ticketing
Armis sends alert information to the ServiceNow platform for incident workflow and remediation.
Learn more about our integration with ServiceNowServiceNow Vulnerability Response
Read MoreServiceNow Vulnerability Response
Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems. Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.
Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.
When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis discovered devices. Armis continuously and passively monitors in real time all network devices to ensure vulnerabilities are correctly matched giving you a complete up to date vulnerability profile for all devices on your network.
Use Cases
- ServiceNow Operational Technology (OT) Certified
- Compatible with ServiceNow OT VR
- Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
- Prioritize device vulnerabilities to aid remediation efforts
- Automatically close stale Vulnerabilities
- Cross customer data to provide increased threat intelligence
- Designed to be fully compatible with the Service Graph Connector for Armis
- Guided Setup helps you get up and running quickly
- Support your Operational Technology OT VR workflows alongside IT VR
Siemens Engineering Workstation (EWS)
Read MoreSiemens Engineering Workstation (EWS)
Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.
The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS managers. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data a complete picture of the Operational Technology (OT) and Industrial Control Systems (ICS) environment is now possible.
Use Cases
- Fast enrichment of Siemens devices using Siemens Software Engineering files
- Full inventory information enrichment of existing devices-profile, modules information, etc.
- Creation of nested devices not visible to Armis through traffic inspection
Siemplify
Read MoreSiemplify
Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.
Snow Software
Read MoreSnow Software
Snow Software Asset Management (Atlas) is a software inventory management tool that utilizes API Integrations and the Snow Agent to collect up-to-date software inventory.
Armis utilizes this integration to enrich the device inventory with device and application information.
Use Cases
- Retrieve detailed information on devices that are managed by Snow
- Enrichment of existing Armis devices with data exposed by Snow
SolarWinds Orion
Read MoreSolarWinds Orion
SolarWinds Orion is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.
Use Cases
Device data enrichment:
- Full visibility of all the devices from SolarWinds Orion for the following:
- Devices Managed as a Node
- Cloud Instances for AWS and Azure Cloud Providers
- Additional data related to the Server and Applications as well as Network Interfaces with Server
- Application (SAM)/Server Configuration Monitor (SCM) modules of SolarWinds Orion
- Correlation of SolarWinds Orion managed devices with other data sources (such as Active Directory, WLCs)
Compliance:
- The status of SolarWinds Orion managed devices
- The states of the Cloud managed devices
- View the last sync time of the devices
SolarWinds Web Helpdesk
Read MoreSolarWinds Web Helpdesk
SolarWinds Web Helpdesk helps you to automate the process of asset discovery, tracking, and reporting of your hardware and software assets. Assign an asset to a specific user and get a granular view of a computer’s hardware and software.
Sophos Endpoint Protection (Intercept X)
Read MoreSophos Endpoint Protection (Intercept X)
Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.
The integration retrieves detailed information on Sophos Intercept X managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
SOTI MobiControl
Read MoreSOTI MobiControl
SOTI MobiControl is a Enterprise Mobility Management (EMM) solution that provides visibility and control over where your business-critical mobile devices are, what they’re doing, how they’re performing, and what security or compliance risks they’re facing.
Deploy apps to smartphones. Enroll and provision new tablets in the field. Track the location of rugged devices. Identify and neutralize security risks to the Internet of Things (IoT) endpoints. Protect critical data stored on mobile devices. Minimize device downtime so field workers stay productive.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Splunk
Read MoreSplunk
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Sumo Logic
Read MoreSumo Logic
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Switch/SPAN
Read MoreSwitch/SPAN
Use Cases
- Inspect traffic
- Monitor activities
- Track connections
- Provide relevant data for accurate device identification
- Assist in user association
Symantec Asset Management Suite (Altiris)
Read MoreSymantec Asset Management Suite (Altiris)
Symantec Asset Management Suite (formerly named Altiris) improves visibility into IT assets at every point in the lifecycle to reduce costs and fulfil compliance initiatives.
This integration collects information related to assets from the Symantec Asset Management instance. It uses the Database to get the information from the different tables available in the database.
Use Cases
Device data enrichment:
- Full visibility of all the devices from Symantec Asset Management
- Additional data related to network interfaces and the applications associated with the devices
- Correlation of Symantec Asset Management devices with other data sources (such as Active Directory, WLCs)
- View the last agent communication time of the devices
Symantec Endpoint Protection – Broadcom
Read MoreSymantec Endpoint Protection – Broadcom
Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.
Use Cases
- Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Taegis XDR
Read MoreTaegis XDR
Taegis XDR (formerly Secureworks Red Cloak Threat Detection & Response) is a threat-intelligence-based security analytics platform with built-in security context developed by Secureworks, a cybersecurity company. It offers advanced threat detection, investigation, and response capabilities across multiple endpoints, networks and cloud environments.
Use Cases
Endpoints data enrichment:
- Full visibility of all Taegis XDR endpoints.
- Correlation of Taegis XDR endpoints with other data sources (such as Active Directory, WLCs).
- Additional data related to Network Interfaces associated with the Endpoints.
Compliance:
- The Creation Time and the Last Seen Time of the Taegis XDR endpoints.
Tanium Asset
Read MoreTanium Asset
Tanium Asset provides a comprehensive inventory of hardware and software assets across your environment. This integration provides detailed profile information on all Tanium Asset devices.
Use Cases
- Enrichment of existing Armis devices with data exposed by Tanium Asset.
- Device identification and inventory of installed applications.
- User-to-Device association.
Tanium Comply
Read MoreTanium Comply
Tanium Comply conducts vulnerability and compliance assessments against operating systems, applications, software supply chain, and security configurations and policies.
The Tanium Comply integration imports CVE data (that is, asset vulnerabilities) about the assets that the associated Tanium Comply instance manages.
Use Case
- Integrate Tanium Comply CVE findings into Armis, prioritize them against other CVE findings in the organization, open tickets, and track their remediation process.
Tanium Discover
Read MoreTanium Discover
Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.
Use Cases
- Enrichment of existing Armis devices with data exposed by Tanium Discover.
Compliance
- Detection of unmanaged devices that are capable of being managed by Tanium. Detection of unmanageable devices.
Tanium Interact
Read MoreTanium Interact
The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
Use Cases
- Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
- Compliance:
- Detection of missing or malfunctioning Tanium Interact agents
- Detection of Tanium Interact agents running out-of-date software versions
- Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
- Ability to view the last logged-in device user
Tenable.io
Read MoreTenable.io
Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration — Initiating vulnerability scans based on automated Armis policies
Tenable.sc
Read MoreTenable.sc
Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration—Initiating vulnerability scans based on automated Armis policies
Tor
Read MoreTor
The Tor network is a system that facilitates anonymous communication by concealing a user’s Internet Protocol (IP) address through encryption and a series of self-described anonymous and private connections. The Tor network receives its name from the original software project it is based upon, ‘The onion router’.
Use Cases
- Alert to Tor traffic on the corporate network
- The Tor integration is automatically enabled for Armis customers
Torq
Read MoreTorq
The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.
Use Case
Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.
These complementary abilities enable the following—and more:
- Automatic enforcement of endpoint-agent coverage
- Faster threat mitigation and threat remediation
- Reducing risks through orchestrated vulnerability response and vulnerability remediation
Trellix FireEye Endpoint Protection
Read MoreTrellix FireEye Endpoint Protection
Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.
Use Cases
- Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
- Verify compliance with FireEye security policies by discovering the following:
- Missing or malfunctioning FireEye agents
- FireEye agents running out-of-date software versions
- Devices that are not running a FireEye agent
- Identify the last logged-in device user
Trellix Helix (FireEye)
Read MoreTrellix Helix (FireEye)
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Trend Micro Apex One
Read MoreTrend Micro Apex One
Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.
The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Trend Micro Cloud One
Read MoreTrend Micro Cloud One
Utilize the Armis Trend Micro Deep Security Integration with the URL from your region described here https://cloudone.trendmicro.com/docs/identity-and-account-management/c1-regions/
Example for the US: https://workload.us-1.cloudone.trendmicro.com/
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Trend Micro Deep Security
Read MoreTrend Micro Deep Security
Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
US Food & Drug Administration (FDA)
Read MoreUS Food & Drug Administration (FDA)
The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.
Use Cases
- Identify assets on FDA recall lists
The FDA integration is automatically enabled for Armis customers
Vectra
Read MoreVectra
The Vectra Platform provides AI-driven threat detection and response for hybrid and multi-cloud environments. Vectra leverages patented Security AI to pinpoint attacker methods, prioritize threats, and automate response controls. Using the Vectra Platform, you gain unified attack visibility, context across public clouds, SaaS, identities, networks, and endpoints, as well as controls to respond effectively immediately.
Use Cases
- Analyze security gaps – ensure Vectra covers all assets and understand the health of the Vectra platform
- Enrichment of existing Armis devices with data exposed by Vectra
Viakoo
Read MoreViakoo
Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.
Use Cases
- Retrieve detailed information on all Viakoo related devices
- The information includes Service Date, Compliance Status, Priority, Availability, and more
- The information is correlated with other data sources
- Use data exposed by Viakoo to create new devices in the Armis Platform
VirusTotal
Read MoreVirusTotal
VirusTotal analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. Their goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers and end users of all kinds.
The VirusTotal integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
VMware Carbon Black
Read MoreVMware Carbon Black
VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.
Use Cases
- Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
- Detect compliance of missing or malfunctioning Carbon Black Defense agents
- Detect Carbon Black Defense agents running out-of-date software versions
- Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
- Identify the last logged-in device user
VMware vCenter / ESXi
Read MoreVMware vCenter / ESXi
- Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
VMware Workspace ONE
Read MoreVMware Workspace ONE
VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Wiz
Read MoreWiz
Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Retrieve detailed information on cloud resources that are seen by Wiz
- Enrichment of existing Armis devices with data exposed by Wiz
Zscaler
Read MoreZscaler
Armis and Zscaler integrate to retrieve detailed information about Zscaler-managed devices, users, and network traffic, and correlate it with other sources.
Armis Centrix™ for VIPR Pro – Prioritization and Remediation
Atlassian Jira – Email Ticketing
Read MoreAtlassian Jira – Email Ticketing
Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.
Use Cases
The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.
AWS Security Hub
Read MoreAWS Security Hub
AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.
VIPR Pro ingests Security Hub findings and associates them with deduplicated cloud asset and resource profiles to automate prioritization based on security risk and business impact and operationalize the process of remediating critical findings.
BigFix
Read MoreBigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Black Duck by Synopsys
Read MoreBlack Duck by Synopsys
Black Duck helps manage the security, quality, and license compliance risks for open source and third-party code.
VIPR Pro ingests, normallizes and correlates Black findings to: identify, group and prioritize code package vulnerabilities; operationalize remediation workflows and fix guidance for for application teams and developers.
Bugcrowd
Read MoreBugcrowd
Bugcrowd safeguards organizations’ assets from sophisticated threat actors before by uniting customers with trusted hackers.
VIPR Pro ingests, normallizes and correlates Bugcrowd’s crowdsourced security alerts to: contextualize and associate Bugcrowd alerts with impacted assets to prioritize risk remediation actiions: assign ownership and track remediation task status through bidirectional integration with ticketing systems.
Checkmarx
Read MoreCheckmarx
Checkmarx streamlines organizations’ DevSecOps, enabling organizations to identify and remediate vulnerabilities.
VIPR Pro ingests, normalizes, deduplicates and contextualizes Checkmarx application security and code package vulnerability alerts to: prioritize findings based on security risk, exploitability and business impact; operationalize remediation workflows for application security and developer teams.
CircleCI
Read MoreCircleCI
CircleCI is a continuous integration and continuous delivery platform that can be used to implement DevOps practices.
VIPR Pro integrates with CircleCI to: inventory code repository assets; monitor and track CI/CD activity to understand ownership and responsibility for code assets; augment organizational structure mapping with asset ownership information.
CrowdStrike
Read MoreCrowdStrike
CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.
Use Cases
Retrieve detailed information on CrowdStrike managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with CrowdStrike security policies by discovering the following:
- Missing or malfunctioning CrowdStrike agents
- CrowdStrike agents running out-of-date software versions
- Devices that are not running a CrowdStrike agent
- Identify the last logged-in device user
CyCode
Read MoreCyCode
Cycode delivers a complete Application Security Posture Management (ASPM) platform.
VIPR Pro integrates with Cycode to ingest, normalize,deduplicate and correlate Application Security Posture Management findings for prioritization and remediation.
Freshservice
Read MoreFreshservice
Freshservice is the intelligent service management solution.
VIPR Pro supports bidrectional integration with Freshservice for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
GitHub
Read MoreGitHub
GitHub is a developer platform that allows developers to create, store, manage and share their code.
VIPR Pro integrates with GitHub to: inventory code repository assets; discover GitHub users for organizational structure mappings and automate code ownership assignment; identify and incorporate code snippets as part of the remediation workflows.
GitHub Enterprise
Read MoreGitHub Enterprise
GitHub Enterprise Server is a self-hosted platform for software development within organizations.
VIPR Pro integrates with GitHub Enterprise to: inventory code repository assets; discover GitHub users for organizational structure mappings and automate code ownership assignment; maintain assoictaion between vulnerability findings and images; identify and incorporate code snippets as part of the remediation workflows; ingest and normalize Dependabot findings.
GitLab
Read MoreGitLab
GitLab helps companies manage the growing complexities of developing, securing, and deploying software.
VIPR Pro integrates with GitLab to: inventory code repository assets; discover gGtLab users for organizational structure mappings and automate code ownership assignment; maintain assoictaion between vulnerability findings and images; identify and incorporate code snippets as part of the remediation workflows.
Google Cloud Platform (GCP)
Read MoreGoogle Cloud Platform (GCP)
GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.
Use Cases
- Retrieve information on GCP related devices, including their identification and operating system details.
Lacework
Read MoreLacework
Lacework provides data-driven cloud security at scale.
VIPR Pro ingests, normalizes and deduplicates Lacework workload, cloud service, cloud infrastructure, container and image vulnerability, run-time and misconfigurations alerts to automate prioritization of findings based on security risk and enriched asset profiles, and operationalize the remediation lifecycle with automated ownership assignment.
Linear
Read MoreLinear
Linear is an issue tracking and project management tool for companies to build their products better.
VIPR Pro supports bidrectional integration with ManageEngine ServiceDesk for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
ManageEngine ServiceDesk
Read MoreManageEngine ServiceDesk
ServiceDesk Plus is a service management solution that combines IT service management, IT asset management, and CMDB with enterprise service management capabilities.
VIPR Pro supports bidrectional integration with ManageEngine ServiceDesk for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
Microsoft Azure DevOps
Read MoreMicrosoft Azure DevOps
Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.
VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.
Microsoft Defender for Endpoint
Read MoreMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Microsoft Entra (formerly Azure AD)
Read MoreMicrosoft Entra (formerly Azure AD)
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.
Use Cases
- Enrichment of existing Armis devices with data exposed by Azure AD.
Compliance
- Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
- Associate users to devices.
- Ability to view the last logged-in device user.
Okta
Read MoreOkta
Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.
Use Cases
- Provide detailed device information and correlate it with other data sources
- Retrieve and collect user data
- Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory
Orca
Read MoreOrca
Orca Security secures enterprise multi-cloud environments at scale.
VIPR Pro ingests Orca findings, enriches prioritization based on asset profile, business risk weighting and root cause analysis, and operationalizes the cloud security remediation lifecycle – from Wiz findings to ownership assignment, remediation status and trend reporting.
Palo Alto Prisma Access
Read MorePalo Alto Prisma Access
Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.
Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.
Prisma Access has to be configured to send HIP reports to Panorama for this to work
Qualys
Read MoreQualys
The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.
Use Cases
- Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
- Verify device compliance with Qualys security policies by detecing:
- Devices missing vulnerability scans and patches
- Unmanaged devices.
- Initiate vulnerability scans based on automated Armis policies
Rapid7 InsightVM
Read MoreRapid7 InsightVM
Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Use Cases
- Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
- Verify device compliance with Rapid7 InsightVM security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices
- Vulnerable software (in conjunction with other data sources)
- Verify user privileges
- Initiate vulnerability scans based on automated Armis policies
Rapid7 Nexpose Data Warehouse
Read MoreRapid7 Nexpose Data Warehouse
Rapid7 Nexpose is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. Rapid7 offers a data warehouse solution.
Use Cases
Device data enrichment:
- Full visibility of all Rapid7 Nexpose related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Detection of vulnerable software by using correlations with other data sources
runZero
Read MorerunZero
runZero provides visibility into enterprises’ external attack surface.
VIPR Pro ingests, normalises and deduplicates asset data from runZero to: centralize asset inventory, enrich asset management profiles with custom metadata for adaptable prioritization.
Security ScoreCard
Read MoreSecurity ScoreCard
SecurityScorecard helps companies rate and understand any company’s security risk.
VIPR pro ingests, deduplicates and contextualizes host and web application vulnerability findings from SecurityScorecard to; prioritize based on risk and business impact through association with enriched asset profiles; operationalize the remediation process through remediaton ownership assignment and automated ticket generation and monitoring.
Semgrep
Read MoreSemgrep
Semgrep guides developers towards secure by default practices.
VIPR Pro ingests, normalizes and deduplicates code vulnerability and application security issues alerts generated by Semgrep to: prioritize findings based on contextualized risk and asset profiles, assign ownership for remediation fixes, and associate code snippets through automated ticketing task generation and tracking.
ServiceNow CMDB
Read MoreServiceNow CMDB
Armis sends device information to the ServiceNow CMDB.
Learn more about our integration with ServiceNowServiceNow Ticketing
Read MoreServiceNow Ticketing
Armis sends alert information to the ServiceNow platform for incident workflow and remediation.
Learn more about our integration with ServiceNowSlack
Read MoreSlack
Slack is a cloud-based team communication platform.
VIPR Pro supports bidirectional integration with Slack to: faciliate communication between security teams and remediation stakeholders; operationalize remediation actions and workflows.
Snyk
Read MoreSnyk
Snyk is a developer security platform.
VIPR Pro ingests, normalizes and deduplicates code package and container vulnerability alerts generated by Snyk to prioritize findings based on contextualized risk and asset profiles, assign ownership for remediation fixes, and associate code snippets through automated ticketing task generation and tracking.
SonarSource SonarQube
Read MoreSonarSource SonarQube
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells.
VIPR Pro utilizes this integration to ingest alerts for Infrastructure as Code misconfigurations and code security issues, as well as asset-related data for inventorying code repositories. Use cases for the integration include:
- Normalize and deduplicate SonarQube alerts from to generate IaC misconfigurations findings
- Enrich code repository profiles with asset data provided by SonarQube
- Contextualize and prioritize IaC misconfiguration findings with asset priority scores based on SonarQube data
- Associate code snippets from SonarQube IaC alerts with findings to provide remediation owners with actionable and specific fix guidance.
Tanium Interact
Read MoreTanium Interact
The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
Use Cases
- Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
- Compliance:
- Detection of missing or malfunctioning Tanium Interact agents
- Detection of Tanium Interact agents running out-of-date software versions
- Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
- Ability to view the last logged-in device user
Veracode
Read MoreVeracode
Veracode helps developers build and scale secure software from code to cloud with speed and trust.
VIPR Pro ingests, normalizes, deduplicates and contextualizes Veracode application security and code package vulnerability alerts to: prioritize findings based on security risk, exploitability and business impact; operationalize remediation workflows for application security and developer teams.
Wiz
Read MoreWiz
Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Retrieve detailed information on cloud resources that are seen by Wiz
- Enrichment of existing Armis devices with data exposed by Wiz
Zendesk
Read MoreZendesk
Zendesk provides software-as-a-service products related to customer support, sales, and other customer communications.
VIPR Pro supports bidrectional integration with Zendesk: automating ticket generation with remediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.
All
Absolute
Read MoreAbsolute
Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.
Airgap
Read MoreAirgap
Airgap provides asset discovery for every device on your network, ML-driven network threat and performance monitoring at scale. And unlike “”observer” solutions, Airgap can take instant action to remedy risks.
This integration fetches useful information from the Airgap assets. The integration uses the Airgap rest API to fetch the information from the Airgap assets.
Use Cases
Device data enrichment:
- Full visibility of all Airgap assets
- Correlation of Airgap assets with other data sources (such as Active Directory, WLCs)
Compliance:
- The Creation Time and the Last Seen Time of the Airgap assets
Airlock Digital
Read MoreAirlock Digital
The Airlock Digital platform is a cybersecurity solution that focuses on application whitelisting and control. It helps organizations prevent unauthorized applications from running on their systems, improving their security posture. The platform provides a centralized management console for creating and managing application whitelists, as well as monitoring and reporting on application usage.
Alaris Medical
Read MoreAlaris Medical
The Alaris Integration provides full visibility into the Alaris system for inventory, security and utilization
Use Cases
- Ingest the Alaris Server configuration
- Provide full device identification – S/N, model, FW
- Show utilization & operational activity
Amazon Web Services (AWS)
Read MoreAmazon Web Services (AWS)
Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Use Cases
Device data enrichment:
- Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.
Compliance:
- Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).
Aruba Central
Read MoreAruba Central
Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba ClearPass
Read MoreAruba ClearPass
Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.
Use Cases
- Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
- The retrieved information is correlated with other data sources
- Detect missing or malfunctioning agents
- Detect out-of-life or out-of-support agent versions
- Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass
Aruba Instant
Read MoreAruba Instant
Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba WLC
Read MoreAruba WLC
Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Use Cases
Device Enrichment – view, search and visualize:
- Access points & switches managed by Aruba WLC
- Wireless Clients
- Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
- Visibility: View current and historic wireless connections between devices and access points
- Define policies on abnormal connections
- Detect rogue access points
Atlassian Jira – Email Ticketing
Read MoreAtlassian Jira – Email Ticketing
Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.
Use Cases
The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.
AWS Security Hub
Read MoreAWS Security Hub
AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.
VIPR Pro ingests Security Hub findings and associates them with deduplicated cloud asset and resource profiles to automate prioritization based on security risk and business impact and operationalize the process of remediating critical findings.
BACnet
Read MoreBACnet
BACnet is a communication protocol for building automation and control (BAC) networks.
Use Cases
- Security and operational
The BACnet integration is automatically enabled for Armis customers
BigFix
Read MoreBigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Black Duck by Synopsys
Read MoreBlack Duck by Synopsys
Black Duck helps manage the security, quality, and license compliance risks for open source and third-party code.
VIPR Pro ingests, normallizes and correlates Black findings to: identify, group and prioritize code package vulnerabilities; operationalize remediation workflows and fix guidance for for application teams and developers.
BlackBerry Cybersecurity CylancePROTECT
Read MoreBlackBerry Cybersecurity CylancePROTECT
BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.
Use Cases
Retrieve detailed information on CylancePROTECT managed devices.
- The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.
Verify compliance with CylancePROTECT security policies by discovering the following:
- Missing or malfunctioning CylancePROTECT agents
- CylancePROTECT agents running out-of-date software versions
- Devices that are not running a CylancePROTECT agent
- Identify the last logged-in device user
BlueCat DHCP
Read MoreBlueCat DHCP
BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
- Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.
BMC Helix Configuration Management Database (CMDB)
Read MoreBMC Helix Configuration Management Database (CMDB)
The BMC Helix Configuration Management Database (CMDB) enriches ecosystem workflow with a business aware, single source of reference for your assets and services.
Use Cases
- Retrieve detailed information about BMC CMDB-inventory CIs
- Enrichment of existing Armis devices with data exposed by BMC CMDB
Bugcrowd
Read MoreBugcrowd
Bugcrowd safeguards organizations’ assets from sophisticated threat actors before by uniting customers with trusted hackers.
VIPR Pro ingests, normallizes and correlates Bugcrowd’s crowdsourced security alerts to: contextualize and associate Bugcrowd alerts with impacted assets to prioritize risk remediation actiions: assign ownership and track remediation task status through bidirectional integration with ticketing systems.
Cambian cnMaestro
Read MoreCambian cnMaestro
Cambium Networks cnMaestro is a cloud-based Wi-Fi management solution that provides monitoring
wireless traffic, wireless device details, and providing real-time visibility into the network.
Use Cases
Device enrichment:
- View, search, and visualize access points managed by Cambium cnMaestro WLC
- Enhance information on access points, such as serial number, firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or directly to the access points
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Check Point Harmony (Sandblast)
Read MoreCheck Point Harmony (Sandblast)
Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Use Cases
- Device data enrichment
- Full visibility of all Check Point Harmony Endpoint managed devices
- Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)
Compliance
- The compliance status of Check Point Harmony Endpoint managed devices
- Isolation status of Check Point Harmony Endpoint managed devices
- View the groups in which the devices are located
- View the last time the device was accessed
Check Point IoT
Read MoreCheck Point IoT
Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.
Use Cases
- Analyze traffic logs.
- Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.
- Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.
Checkmarx
Read MoreCheckmarx
Checkmarx streamlines organizations’ DevSecOps, enabling organizations to identify and remediate vulnerabilities.
VIPR Pro ingests, normalizes, deduplicates and contextualizes Checkmarx application security and code package vulnerability alerts to: prioritize findings based on security risk, exploitability and business impact; operationalize remediation workflows for application security and developer teams.
Chef
Read MoreChef
The integration between Armis and Chef helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Case
Retrieve detailed information on Chef managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with Chef security policies by discovering the following:
- Missing or malfunctioning Chef agents
- Chef agents running out-of-date software versions
- Devices that are not running a Chef agent
- Identify the last logged-in device user
CircleCI
Read MoreCircleCI
CircleCI is a continuous integration and continuous delivery platform that can be used to implement DevOps practices.
VIPR Pro integrates with CircleCI to: inventory code repository assets; monitor and track CI/CD activity to understand ownership and responsibility for code assets; augment organizational structure mapping with asset ownership information.
Cisco ASA
Read MoreCisco ASA
The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.
Use Cases
- Retrieve information on all Cisco ASA devices and correlate it with other data sources.
- Collect information of the operating system running on the device.
Cisco Catalyst WLC
Read MoreCisco Catalyst WLC
A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.
Use Cases
- Retrieve information on all Cisco WLC devices and correlate it with other data sources.
Cisco Cyber Vision
Read MoreCisco Cyber Vision
Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments
Cisco DNA Center
Read MoreCisco DNA Center
Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.
Use Cases
- Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
- Enrichment of existing Armis devices with data exposed by Cisco DNA Center
Cisco ISE PxGrid
Read MoreCisco ISE PxGrid
Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.
Learn more about our integration with Cisco ISECisco Meraki
Read MoreCisco Meraki
Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.
Learn more about our integration with Cisco MerakiCisco Secure Endpoint
Read MoreCisco Secure Endpoint
Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.
Cisco Secure Workload
Read MoreCisco Secure Workload
Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.
This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.
Cisco UCS
Read MoreCisco UCS
The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.
This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.
Cisco Umbrella
Read MoreCisco Umbrella
Cisco Umbrella is a cloud-delive