Integrations and Adapters

Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.

Use Cases

The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Import Armis Alerts as ServiceNow Security Incidents.

The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.

• Open tickets automatically for unmanaged, IoT, OT, medical device incidents
• Import Security Incidents in near real-time
• Triage, prioritize, and close Armis Alerts from ServiceNow
• Stop threats efficiently with policy-based enforcements Use Cases
• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and  update incidents for greater accuracy and efficiency.
• Import Armis Alerts as ServiceNow Security Incidents.
• Guided Setup and Embedded Help articles provide intuitive user experience.
• Integration Dashboards help contextualize and prioritize Armis Alerts.

The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Use Cases

• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.

Armis sends alert information to the ServiceNow platform for incident workflow and remediation.

Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems.  Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.

Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.

When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis discovered devices. Armis continuously and passively monitors in real time all network devices to ensure vulnerabilities are correctly matched giving you a complete up to date vulnerability profile for all devices on your network.

Use Cases

• ServiceNow Operational Technology (OT) Certified
• Compatible with ServiceNow OT VR
• Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
• Prioritize device vulnerabilities to aid remediation efforts
• Automatically close stale Vulnerabilities
• Cross customer data to provide increased threat intelligence
• Designed to be fully compatible with the Service Graph Connector for Armis
• Guided Setup helps you get up and running quickly
• Support your Operational Technology OT VR workflows alongside IT VR

Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.

The Alaris Integration provides full visibility into the Alaris system for inventory, security and utilization

Use Cases

• Ingest the Alaris Server configuration
• Provide full device identification – S/N, model, FW
• Show utilization & operational activity

BACnet is a communication protocol for building automation and control (BAC) networks.

Use Cases

• Security and operational

The BACnet integration is automatically enabled for Armis customers

BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

The BMC Helix Configuration Management Database (CMDB) enriches ecosystem workflow with a business aware, single source of reference for your assets and services.

Use Cases

• Retrieve detailed information about BMC CMDB-inventory CIs
• Enrichment of existing Armis devices with data exposed by BMC CMDB

The integration between Armis and Chef helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

Use Case

Retrieve detailed information on Chef managed devices.

• The retrieved information is correlated with other data sources.

Verify compliance with Chef security policies by discovering the following:

• Missing or malfunctioning Chef agents

• Chef agents running out-of-date software versions

• Devices that are not running a Chef agent
• Identify the last logged-in device user

Upload CSV data to manually import new assets or add asset attributes for contextual analysis.

Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Device42.

Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.

This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.

Use Cases

• Device data enrichment:
  • Full visibility of all Dynatrace OneAgent-managed devices.
  • Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).

Compliance

• The State of Dynatrace OneAgent-managed devices.
• Monitoring Mode of the Dynatrace OneAgent-monitored devices.
• View the last time the device was seen.

Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.

Use Cases

• Discover and display insights of any Eseye connected IoT device

Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.

The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.

Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.

The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

(Organizational Unique Identifier) The part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE.

Use Cases

• Assists in identifying assets by manfactuturer, type and category

The OUI integration is automatically enabled for Armis customers

Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.

Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.

Use Cases

• Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
• View the last inventory scan time of devices.
• View the last login time of devices.

Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.

Use Cases

Provide detailed profile information on all Jamf managed devices, including:

• Last Check-in date

• Device name
• Network information
• Warranty status, etc.

• The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)

Verify device compliance with JAMF policies by detecting:

• Missing or malfunctioning Jamf agents

• Jamf agents running out-of-date software versionsevices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed

• Identify the last logged-in device user

Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.

Use Cases

• Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
• Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
• Identify the last logged-in device user.

Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes.

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.

• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

Use Cases

• Provide detailed information on all NetBox related devices and correlate it with other data sources.

NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.

NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.

Use Cases

• Device data enrichment:
  • Full visibility of all NinjaOne-managed devices
  • Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)

Nutanix Prism is the control plane that simplifies and streamlines common workflows to make hypervisor and VM setup as easy as checking your email. This integration will fetch from the Prism API all information on the running VMs and Hosts in the environment.

Use Cases

• Provide detailed information on all Nutanix Prism-related devices and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory , as well as asset management ones.

Use Cases

Enrich existing Armis devices with data exposed by Nuvolo:

• Asset Tag
• Asset State
• Operation Status
• Owning Department
• Install Date
• Is Critical
• End of Support
• End of Life

Verify compliance with Nuvolo policies by detecting:

• Missing or malfunctioning Nuvolo agents
• Nuvolo agents running out-of-date software versions
• Devices that are not running a Nuvolo agent, such as:
  • Active Directory Computers or Corporate devices without a Nuvolo agent installed. Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.

• Push/send device interaction data to CMMS for use in displaying device dependency visualizations.

• Identify the last logged-in device user.

Puppet is an open source software configuration management and deployment tool.

Use Cases

• Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications

Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.

Use Cases

• Device data enrichment:
  • Full visibility of all Quest KACE managed devices
  • Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)

Radia is Endpoint Manager software that provides a unified way for organizations to manage constellation of endpoints, including PCs, servers, smartphones, thin clients, and VDIs to industry-specific devices such as ATMs, POS devices, and medical devices, from a single-pane-of-glass console.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Red Hat Satellite is a powerful tool for IT admin for a business or school, to manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Red Hat Satellite

SaltStack, also known as Salt, is a configuration management and orchestration tool.

Use Cases

• Provide detailed information on all SaltStack related devices and correlate it with other data sources
• Retrieve the details about the operating system running on a device

Armis sends device information to the ServiceNow CMDB.

SolarWinds Orion is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.

Use Cases

Device data enrichment:

• Full visibility of all the devices from SolarWinds Orion for the following:
  • Devices Managed as a Node
  • Cloud Instances for AWS and Azure Cloud Providers
  • Additional data related to the Server and Applications as well as Network Interfaces with Server
  • Application (SAM)/Server Configuration Monitor (SCM) modules of SolarWinds Orion
  • Correlation of SolarWinds Orion managed devices with other data sources (such as Active Directory, WLCs)

Compliance:

• The status of SolarWinds Orion managed devices
• The states of the Cloud managed devices
• View the last sync time of the devices

SOTI MobiControl is a Enterprise Mobility Management (EMM) solution that provides visibility and control over where your business-critical mobile devices are, what they’re doing, how they’re performing, and what security or compliance risks they’re facing.

Deploy apps to smartphones. Enroll and provision new tablets in the field. Track the location of rugged devices. Identify and neutralize security risks to the Internet of Things (IoT) endpoints. Protect critical data stored on mobile devices. Minimize device downtime so field workers stay productive.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance Identify unmanaged assets

The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.

Use Cases

• Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
• Compliance:
  • Detection of missing or malfunctioning Tanium Interact agents
  • Detection of Tanium Interact agents running out-of-date software versions
  • Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
  • Ability to view the last logged-in device user

The Vectra Platform provides AI-driven threat detection and response for hybrid and multi-cloud environments. Vectra leverages patented Security AI to pinpoint attacker methods, prioritize threats, and automate response controls. Using the Vectra Platform, you gain unified attack visibility, context across public clouds, SaaS, identities, networks, and endpoints, as well as controls to respond effectively immediately.

Use Cases

• Analyze security gaps – ensure Vectra covers all assets and understand the health of the Vectra platform
• Enrichment of existing Armis devices with data exposed by Vectra

Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.

Use Cases

• Retrieve detailed information on all Viakoo related devices
  • The information includes Service Date, Compliance Status, Priority, Availability, and more
  • The information is correlated with other data sources
• Use data exposed by Viakoo to create new devices in the Armis Platform

• Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.

Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.

Use Cases

Device data enrichment:

• Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.

Compliance:

• Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).

Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Use Cases

Device Enrichment – view, search and visualize:

• Access points & switches managed by Aruba WLC
• Wireless Clients
• Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
• Visibility: View current and historic wireless connections between devices and access points
• Define policies on abnormal connections
• Detect rogue access points

BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
• Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.

Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

Use Cases

• Device data enrichment
• Full visibility of all Check Point Harmony Endpoint managed devices
• Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)

Compliance

• The compliance status of Check Point Harmony Endpoint managed devices
• Isolation status of Check Point Harmony Endpoint managed devices
• View the groups in which the devices are located
• View the last time the device was accessed

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.

Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Device42.

Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.

This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.

Use Cases

• Device data enrichment:
  • Full visibility of all Dynatrace OneAgent-managed devices.
  • Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).

Compliance

• The State of Dynatrace OneAgent-managed devices.
• Monitoring Mode of the Dynatrace OneAgent-monitored devices.
• View the last time the device was seen.

EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.

Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.

Use Cases

• Discover and display insights of any Eseye connected IoT device

Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.

Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.

The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.

Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies.

The Armis platform imports north/south network traffic information from the FortiGate product.

Use Cases

• Retrieve detailed information on all Fortinet FortiGate related devices in the Armis Platform and correlate them with other data sources.
• Identify logged-in users.

Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.

The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.

Use Cases

• Provide detailed information on HP WLC equipment, including its identification and profile
• Collect information on HP WLC-managed Access Points (APs)
• Fetch detailed information on Clients (endpoints) that connect to Access Points.
• Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
• Map which endpoints are connected to which APs in the network

Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security mode to segment network traffic and prevents lateral movement of cyber threats within an organization’s network.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Illumio.

Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.

Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.

Use Cases

• Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
• View the last inventory scan time of devices.
• View the last login time of devices.

Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.

Use Cases

Provide detailed profile information on all Jamf managed devices, including:

• Last Check-in date

• Device name
• Network information
• Warranty status, etc.

• The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)

Verify device compliance with JAMF policies by detecting:

• Missing or malfunctioning Jamf agents

• Jamf agents running out-of-date software versionsevices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed

• Identify the last logged-in device user

Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.

Use Cases

• Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
• Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
• Identify the last logged-in device user.

Malwarebytes cloud-delivered endpoint detection and response (EDR), workload protection, by detection and protection against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.

Use Case

• Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.

• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

Use Cases

• Provide detailed information on all NetBox related devices and correlate it with other data sources.

NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.

Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.

Use Cases

• Identify network equipment
• Retrieve ARP tables

NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.

Use Cases

• Device data enrichment:
  • Full visibility of all NinjaOne-managed devices
  • Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)

Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.

Use Cases

• Provide detailed device information and correlate it with other data sources
• Retrieve and collect user data
• Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory

The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.

Puppet is an open source software configuration management and deployment tool.

Use Cases

• Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications

Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.

Use Cases

• Device data enrichment:
  • Full visibility of all Quest KACE managed devices
  • Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)

Red Hat Satellite is a powerful tool for IT admin for a business or school, to manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Red Hat Satellite

Rockwell Automation is a provider of industrial automation and information technology.

Use Cases

• Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
• Provide enhanced information on slots and nested devices

SaltStack, also known as Salt, is a configuration management and orchestration tool.

Use Cases

• Provide detailed information on all SaltStack related devices and correlate it with other data sources
• Retrieve the details about the operating system running on a device

Armis sends device information to the ServiceNow CMDB.

Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.

The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS managers. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data a complete picture of the Operational Technology (OT) and Industrial control systems (ICS) environment is now possible.

Use Cases

• Fast enrichment of Siemens devices using Siemens Software Engineering files
• Full inventory information enrichment of existing devices-profile, modules information, etc.
• Creation of nested devices not visible to Armis through traffic inspection

Use Cases

• Inspect traffic
• Monitor activities
• Track connections
• Provide relevant data for accurate device identification
• Assist in user association

Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.

Use Cases

• Retrieve detailed information on all Viakoo related devices
  • The information includes Service Date, Compliance Status, Priority, Availability, and more
  • The information is correlated with other data sources
• Use data exposed by Viakoo to create new devices in the Armis Platform

• Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Retrieve detailed information on cloud resources that are seen by Wiz
• Enrichment of existing Armis devices with data exposed by Wiz

Armis and Zscaler integrate to retrieve detailed information about Zscaler-managed devices, users, and network traffic, and correlate it with other sources.

The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.

Use Case

Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.

These complementary abilities enable the following—and more:

• Automatic enforcement of endpoint-agent coverage
• Faster threat mitigation and threat remediation
• Reducing risks through orchestrated vulnerability response and vulnerability remediation

Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.

Use Cases

Device data enrichment:

• Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.

Compliance:

• Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).

GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.

Use Cases

• Retrieve information on GCP related devices, including their identification and operating system details.

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.

Use Cases

• Enrichment of existing Armis devices with data exposed by Netskope.

The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.

Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Retrieve detailed information on cloud resources that are seen by Wiz
• Enrichment of existing Armis devices with data exposed by Wiz

BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
• Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.

EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.

Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.

Use Cases

• Provide information on all Infoblox DDI related devices and correlate it with other data sources.
• Verify device compliance with Infoblox DDI policies:
  • Detect devices missing vulnerability scans and patches
  • Detect unmanaged devices
  • Use correlation with other data sources to detect vulnerable software
• Verify user privileges

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.

Use Cases

Retrieve detailed information on CylancePROTECT managed devices.

• The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.

Verify compliance with CylancePROTECT security policies by discovering the following:

• Missing or malfunctioning CylancePROTECT agents
• CylancePROTECT agents running out-of-date software versions
• Devices that are not running a CylancePROTECT agent
• Identify the last logged-in device user

Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

Use Cases

• Device data enrichment
• Full visibility of all Check Point Harmony Endpoint managed devices
• Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)

Compliance

• The compliance status of Check Point Harmony Endpoint managed devices
• Isolation status of Check Point Harmony Endpoint managed devices
• View the groups in which the devices are located
• View the last time the device was accessed

Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.

CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.

Use Cases

Retrieve detailed information on CrowdStrike managed devices.

• The retrieved information is correlated with other data sources.

Verify compliance with CrowdStrike security policies by discovering the following:

• Missing or malfunctioning CrowdStrike agents
• CrowdStrike agents running out-of-date software versions
• Devices that are not running a CrowdStrike agent
• Identify the last logged-in device user

Malwarebytes cloud-delivered endpoint detection and response (EDR), workload protection, by detection and protection against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.

Use Case

• Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.

McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.

Use Cases

• Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP

The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.

Use Case

• Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
• Verify device compliance with Sentinel One policies by detecting:
  • Missing or malfunctioning Sentinel One agents
  • Sentinel One agents running out-of-date software versions
  • Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
  • Identify the last logged-in device user

Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.

The integration retrieves detailed information on Sophos Intercept X managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.

Use Cases

• Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.

Use Cases

• Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
• Verify compliance with FireEye security policies by discovering the following:
  • Missing or malfunctioning FireEye agents
  • FireEye agents running out-of-date software versions
  • Devices that are not running a FireEye agent
  • Identify the last logged-in device user

Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.

The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.

Use Cases

• Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
• Detect compliance of missing or malfunctioning Carbon Black Defense agents
• Detect Carbon Black Defense agents running out-of-date software versions
• Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
• Identify the last logged-in device user

Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.

Use Cases

• Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
• The retrieved information is correlated with other data sources
• Detect missing or malfunctioning agents
• Detect out-of-life or out-of-support agent versions
• Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.

This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.

Use Cases

• Device data enrichment:
  • Full visibility of all Dynatrace OneAgent-managed devices.
  • Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).

Compliance

• The State of Dynatrace OneAgent-managed devices.
• Monitoring Mode of the Dynatrace OneAgent-monitored devices.
• View the last time the device was seen.

This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.

Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.

The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.

Use Case

Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.

These complementary abilities enable the following—and more:

• Automatic enforcement of endpoint-agent coverage
• Faster threat mitigation and threat remediation
• Reducing risks through orchestrated vulnerability response and vulnerability remediation

Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.

Use Cases

• Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
• The retrieved information is correlated with other data sources
• Detect missing or malfunctioning agents
• Detect out-of-life or out-of-support agent versions
• Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass

Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.

Use Cases

• Analyze traffic logs.

• Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.

• Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.

Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.

The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.

Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies.

The Armis platform imports north/south network traffic information from the FortiGate product.

Use Cases

• Retrieve detailed information on all Fortinet FortiGate related devices in the Armis Platform and correlate them with other data sources.
• Identify logged-in users.

FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. FortiManager provides centralized policy-based provisioning and configuration management for FortiGate, FortiWiFi, FortiAP, and other devices.

Use Cases

• Device IP enforcement

Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security mode to segment network traffic and prevents lateral movement of cyber threats within an organization’s network.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Illumio.

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.

Use Cases

• View MDS2 privacy and security attributes mapped to assets and to assess risk

The MDS2 integration is automatically enabled for Armis customers

The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.

Use Cases

• Identify assets on FDA recall lists

The FDA integration is automatically enabled for Armis customers

Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, block untrusted endpoints, and give users secure access to internal applications without using VPNs.

Use Cases

• Identify Duo users
• Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
  • Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
• Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
  • Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.

Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.

Use Cases

• Provide detailed device information and correlate it with other data sources
• Retrieve and collect user data
• Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory

OneLogin’s unified access management platform centralizes access across cloud environments to give full control, management, and security for data, devices, and users.

Use Cases

User enrichment:

• Full visibility of all the users from OneLogin
• Correlation of OneLogin users with other data sources (such as Okta, Duo Beyond and Active Directory)

The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.

Rockwell Automation is a provider of industrial automation and information technology.

Use Cases

• Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
• Provide enhanced information on slots and nested devices

Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.

The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS managers. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data a complete picture of the Operational Technology (OT) and Industrial control systems (ICS) environment is now possible.

Use Cases

• Fast enrichment of Siemens devices using Siemens Software Engineering files
• Full inventory information enrichment of existing devices-profile, modules information, etc.
• Creation of nested devices not visible to Armis through traffic inspection

BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.

Use Cases

Retrieve detailed information on CylancePROTECT managed devices.

• The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.

Verify compliance with CylancePROTECT security policies by discovering the following:

• Missing or malfunctioning CylancePROTECT agents
• CylancePROTECT agents running out-of-date software versions
• Devices that are not running a CylancePROTECT agent
• Identify the last logged-in device user

Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.

Use Cases

• Analyze traffic logs.

• Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.

• Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.

CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.

Use Cases

Retrieve detailed information on CrowdStrike managed devices.

• The retrieved information is correlated with other data sources.

Verify compliance with CrowdStrike security policies by discovering the following:

• Missing or malfunctioning CrowdStrike agents
• CrowdStrike agents running out-of-date software versions
• Devices that are not running a CrowdStrike agent
• Identify the last logged-in device user

Dropbox is a SaaS file sharing and cloud storage platform.

Use Cases

• Import user accounts
• Import user activities

Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, block untrusted endpoints, and give users secure access to internal applications without using VPNs.

Use Cases

• Identify Duo users
• Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
  • Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
• Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
  • Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.

Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.

Use Cases

• Provide information on all Infoblox DDI related devices and correlate it with other data sources.
• Verify device compliance with Infoblox DDI policies:
  • Detect devices missing vulnerability scans and patches
  • Detect unmanaged devices
  • Use correlation with other data sources to detect vulnerable software
• Verify user privileges

McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.

Use Cases

• Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts

Use Cases

• Matching alerts with devices
• Visualise NHS Cyber Alerts and their affected devices
• Prioritization with Armis Asset Vulnerability Management (AVM)
• Status tracking

Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory , as well as asset management ones.

Use Cases

Enrich existing Armis devices with data exposed by Nuvolo:

• Asset Tag
• Asset State
• Operation Status
• Owning Department
• Install Date
• Is Critical
• End of Support
• End of Life

Verify compliance with Nuvolo policies by detecting:

• Missing or malfunctioning Nuvolo agents
• Nuvolo agents running out-of-date software versions
• Devices that are not running a Nuvolo agent, such as:
  • Active Directory Computers or Corporate devices without a Nuvolo agent installed. Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.

• Push/send device interaction data to CMMS for use in displaying device dependency visualizations.

• Identify the last logged-in device user.

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.

Use Cases

• Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
• Verify device compliance with Qualys security policies by detecing:
  • Devices missing vulnerability scans and patches
  • Unmanaged devices.
• Initiate vulnerability scans based on automated Armis policies

Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.

Use Cases

• Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
• Verify device compliance with Rapid7 InsightVM security policies by detecting
  • Devices missing vulnerability scans and patches
  • Unmanaged devices
  • Vulnerable software (in conjunction with other data sources)
• Verify user privileges
• Initiate vulnerability scans based on automated Armis policies

The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.

Use Case

• Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
• Verify device compliance with Sentinel One policies by detecting:
  • Missing or malfunctioning Sentinel One agents
  • Sentinel One agents running out-of-date software versions
  • Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
  • Identify the last logged-in device user

Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.

The integration retrieves detailed information on Sophos Intercept X managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.

Use Cases

• Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.

Use Cases

• Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
• Compliance:
  • Detection of missing or malfunctioning Tanium Interact agents
  • Detection of Tanium Interact agents running out-of-date software versions
  • Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
  • Ability to view the last logged-in device user

Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.

Use Cases

• Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
• Compliance:
  • Detection of devices missing vulnerability scans and patches
  • Detection of unmanaged devices
  • Using correlation with other data sources to detect vulnerable software
  • Verification of user privileges
  • Orchestration — Initiating vulnerability scans based on automated Armis policies

Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.

Use Cases

• Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
• Compliance:
  • Detection of devices missing vulnerability scans and patches
  • Detection of unmanaged devices
  • Using correlation with other data sources to detect vulnerable software
  • Verification of user privileges
• Orchestration—Initiating vulnerability scans based on automated Armis policies

Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.

Use Cases

• Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
• Verify compliance with FireEye security policies by discovering the following:
  • Missing or malfunctioning FireEye agents
  • FireEye agents running out-of-date software versions
  • Devices that are not running a FireEye agent
  • Identify the last logged-in device user

Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.

The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.

Use Cases

• Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
• Detect compliance of missing or malfunctioning Carbon Black Defense agents
• Detect Carbon Black Defense agents running out-of-date software versions
• Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
• Identify the last logged-in device user

Dropbox is a SaaS file sharing and cloud storage platform.

Use Cases

• Import user accounts
• Import user activities

Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.

Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.

Use Cases

• Identify network equipment
• Retrieve ARP tables

Use Cases

• Inspect traffic
• Monitor activities
• Track connections
• Provide relevant data for accurate device identification
• Assist in user association

Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.

Use Cases

• Enrichment of existing Armis devices with data exposed by Netskope.

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.

The CVE integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

Cybersecurity and Infrastructure Security Agency (CISA) manages a catalog of Known Exploited Vulnerabilities (KEV) and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.

Use Cases

• Audit vulnerability remediation by the CISA Due Date

The CISA KEV integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Their goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The EPSS integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.

Use Cases

• View MDS2 privacy and security attributes mapped to assets and to assess risk

The MDS2 integration is automatically enabled for Armis customers

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

The MITRE ATT&CK® integration is automatically enabled for Armis customers.

The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

The NIST NVD integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts

Use Cases

• Matching alerts with devices
• Visualise NHS Cyber Alerts and their affected devices
• Prioritization with Armis Asset Vulnerability Management (AVM)
• Status tracking

The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.

Use Cases

• Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
• Verify device compliance with Qualys security policies by detecing:
  • Devices missing vulnerability scans and patches
  • Unmanaged devices.
• Initiate vulnerability scans based on automated Armis policies

Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.

Use Cases

• Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
• Verify device compliance with Rapid7 InsightVM security policies by detecting
  • Devices missing vulnerability scans and patches
  • Unmanaged devices
  • Vulnerable software (in conjunction with other data sources)
• Verify user privileges
• Initiate vulnerability scans based on automated Armis policies

Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.

Use Cases

• Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
• Compliance:
  • Detection of devices missing vulnerability scans and patches
  • Detection of unmanaged devices
  • Using correlation with other data sources to detect vulnerable software
  • Verification of user privileges
  • Orchestration — Initiating vulnerability scans based on automated Armis policies

Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.

Use Cases

• Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
• Compliance:
  • Detection of devices missing vulnerability scans and patches
  • Detection of unmanaged devices
  • Using correlation with other data sources to detect vulnerable software
  • Verification of user privileges
• Orchestration—Initiating vulnerability scans based on automated Armis policies

The Tor network is a system that facilitates anonymous communication by concealing a user’s Internet Protocol (IP) address through encryption and a series of self-described anonymous and private connections. The Tor network receives its name from the original software project it is based upon, ‘The onion router’.

Use Cases

• Alert to Tor traffic on the corporate network
• The Tor integration is automatically enabled for Armis customers

The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.

Use Cases

• Identify assets on FDA recall lists

The FDA integration is automatically enabled for Armis customers

VirusTotal analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. Their goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers and end users of all kinds.

The VirusTotal integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Use Cases

Device Enrichment – view, search and visualize:

• Access points & switches managed by Aruba WLC
• Wireless Clients
• Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
• Visibility: View current and historic wireless connections between devices and access points
• Define policies on abnormal connections
• Detect rogue access points

Cambium Networks cnMaestro is a cloud-based Wi-Fi management solution that provides monitoring
wireless traffic, wireless device details, and providing real-time visibility into the network.

Use Cases

Device enrichment:

• View, search, and visualize access points managed by Cambium cnMaestro WLC
• Enhance information on access points, such as serial number, firmware version, and more
• View and analyze wireless and wired clients connected to the network, via Wi-Fi or directly to the access points

Wireless Connections Visibility:

• View current and historical wireless connections between devices and access points

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.

Use Cases

• Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
• Enrichment of existing Armis devices with data exposed by Cisco DNA Center

Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.

Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.

The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.

Use Cases

• Provide detailed information on HP WLC equipment, including its identification and profile
• Collect information on HP WLC-managed Access Points (APs)
• Fetch detailed information on Clients (endpoints) that connect to Access Points.
• Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
• Map which endpoints are connected to which APs in the network

Juniper Mist is a cloud-based Wi-Fi management solution that provides monitoring wireless traffic, wireless device details, and providing real-time visibility into the network.

Use Cases

Device Enrichment:

• View, search, and visualize access points and switches managed by Mist WLC
• Enhance information on access points and switches, such as serial number firmware version, and more
• View and analyze wireless and wired clients connected to the network, via Wi-Fi or via Mist-managed switches

Wireless Connections Visibility:

• View current and historical wireless connections between devices and access points