Integrations and Adapters
Armis integrates easily with the tools you already have in your security architecture, allowing you to leverage existing investments to achieve greater value and more automated response.
Alerts & Notifications
Atlassian Jira – Email Ticketing
Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.
Use Cases
The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.
Exabeam
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
LogRhythm
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Microsoft Azure Sentinel
The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.
The integration is provided as an Azure Marketplace App available here.
QRadar
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
ServiceNow Armis Security Incident
Import Armis Alerts as ServiceNow Security Incidents.
The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.
- Open tickets automatically for unmanaged, IoT, OT, medical device incidents
- Import Security Incidents in near real-time
- Triage, prioritize, and close Armis Alerts from ServiceNow
- Stop threats efficiently with policy-based enforcements
Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and update incidents for greater accuracy and efficiency.
- Import Armis Alerts as ServiceNow Security Incidents.
- Guided Setup and Embedded Help articles provide intuitive user experience.
- Integration Dashboards help contextualize and prioritize Armis Alerts.
ServiceNow Incident Integration
The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.
ServiceNow Ticketing
Armis sends alert information to the ServiceNow platform for incident workflow and remediation.
Learn more about our integration with ServiceNow
ServiceNow Vulnerability Response
Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems. Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.
Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.
When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis-discovered devices. Armis continuously and passively monitors all network devices in real time to ensure vulnerabilities are correctly matched, giving you a complete, up-to-date vulnerability profile for all devices on your network.
Use Cases
- ServiceNow Operational Technology (OT) Certified
- Compatible with ServiceNow OT VR
- Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
- Prioritize device vulnerabilities to aid remediation efforts
- Automatically close stale Vulnerabilities
- Cross customer data to provide increased threat intelligence
- Designed to be fully compatible with the Service Graph Connector for Armis
- Guided Setup helps you get up and running quickly
- Support your Operational Technology OT VR workflows alongside IT VR
Siemplify
Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.
Splunk
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Sumo Logic
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Trellix Helix (FireEye)
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Asset & System Management
Absolute
Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.
Alaris Medical
The Alaris Integration provides full visibility into the Alaris system for inventory, security and utilization
Use Cases
- Ingest the Alaris Server configuration
- Provide full device identification – S/N, model, FW
- Show utilization & operational activity
BACnet
BACnet is a communication protocol for building automation and control (BAC) networks.
Use Cases
- Security and operational
The BACnet integration is automatically enabled for Armis customers
BigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
BMC Helix Configuration Management Database (CMDB)
The BMC Helix Configuration Management Database (CMDB) enriches ecosystem workflow with a business aware, single source of reference for your assets and services.
Use Cases
- Retrieve detailed information about BMC CMDB-inventory CIs
- Enrichment of existing Armis devices with data exposed by BMC CMDB
Chef
The integration between Armis and Chef helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Case
Retrieve detailed information on Chef managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with Chef security policies by discovering the following:
- Missing or malfunctioning Chef agents
- Chef agents running out-of-date software versions
- Devices that are not running a Chef agent
- Identify the last logged-in device user
CSV
Upload CSV data to manually import new assets or add asset attributes for contextual analysis.
Device42
Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Device42.
Dynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
Compliance
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
Eseye
Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.
Use Cases
- Discover and display insights of any Eseye connected IoT device
Flexera One
Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.
Google Endpoint Manager – ChromeOS
Google Endpoint Manager allows IT admins for a business or school to manage Chromebooks and other ChromeOS devices from their Google Admin console. Admins can enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.
The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
IEEE – Organizationally Unique Identifier (OUI)
The Organizationally Unique Identifier (OUI) is the part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE.
Use Cases
- Assists in identifying assets by manufacturer, type and category
The OUI integration is automatically enabled for Armis customers
Ivanti Endpoint Management (Landesk)
Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.
Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.
Use Cases
- Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
- View the last inventory scan time of devices.
- View the last login time of devices.
Jamf
Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.
Use Cases
Provide detailed profile information on all Jamf managed devices, including:
- Last Check-in date
- Device name
- Network information
- Warranty status, etc.
- The information is correlated with other data sources (such as CrowdStrike, FireEye, etc.)
Verify device compliance with Jamf policies by detecting:
- Missing or malfunctioning Jamf agents
- Jamf agents running out-of-date software versions
- Devices that are not running a Jamf agent, such as MacBooks running CrowdStrike without a Jamf agent installed
- Identify the last logged-in device user
Kaseya VSA
Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.
Use Cases
- Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
- Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
- Identify the last logged-in device user.
Lansweeper
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes.
Microsoft Active Directory
Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.
Use Cases
Retrieve detailed information on all Active Directory users and machines
- The retrieved information is correlated with other data sources.
- Identify user access by device and timeline
- Fetch the details about user access per machine
- Obtain the status of each account
- Add third-party integrations to identify the last logged in user by device
Verify compliance with Active Directory security policies by detecting the following:
- Computers with the AD Account disabled
- Computer accounts with the AD Password set to Not Required or Never Expire
- Computers that are not configured to require any pre-authentication
Microsoft Azure Active Directory (Azure AD)
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.
Use Cases
- Enrichment of existing Armis devices with data exposed by Azure AD.
Compliance
- Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
- Associate users to devices.
- Ability to view the last logged-in device user.
Microsoft Endpoint Manager (Intune)
Microsoft Endpoint Manager (formerly Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Microsoft System Center Configuration Manager (SCCM) & Bitlocker
Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.
Use Cases
- Gain full application visibility on managed SCCM devices, including offline applications.
- Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
- Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.
Netbox
The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Cases
- Provide detailed information on all NetBox related devices and correlate it with other data sources.
NetBrain
NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.
NinjaOne
NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.
Use Cases
- Device data enrichment:
- Full visibility of all NinjaOne-managed devices
- Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)
Nutanix Prism
Nutanix Prism is the control plane that simplifies and streamlines common workflows to make hypervisor and VM setup as easy as checking your email. This integration will fetch from the Prism API all information on the running VMs and Hosts in the environment.
Use Cases
- Provide detailed information on all Nutanix Prism-related devices and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
Nuvolo
Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory, as well as asset management ones.
Use Cases
Enrich existing Armis devices with data exposed by Nuvolo:
- Asset Tag
- Asset State
- Operation Status
- Owning Department
- Install Date
- Is Critical
- End of Support
- End of Life
Verify compliance with Nuvolo policies by detecting:
- Missing or malfunctioning Nuvolo agents
- Nuvolo agents running out-of-date software versions
- Devices that are not running a Nuvolo agent, such as:
- Active Directory Computers or Corporate devices without a Nuvolo agent installed.
- Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.
- Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
- Identify the last logged-in device user.
Puppet
Puppet is an open source software configuration management and deployment tool.
Use Cases
- Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications
Quest KACE
Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.
Use Cases
- Device data enrichment:
- Full visibility of all Quest KACE managed devices
- Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)
Radia Endpoint Manager
Radia is Endpoint Manager software that provides a unified way for organizations to manage a constellation of endpoints, from PCs, servers, smartphones, thin clients, and VDIs to industry-specific devices such as ATMs, POS devices, and medical devices, from a single-pane-of-glass console.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Red Hat Satellite
Red Hat Satellite is a powerful tool that lets IT admins for a business or school manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Red Hat Satellite
SaltStack
SaltStack, also known as Salt, is a configuration management and orchestration tool.
Use Cases
- Provide detailed information on all SaltStack related devices and correlate it with other data sources
- Retrieve the details about the operating system running on a device
ServiceNow CMDB
Armis sends device information to the ServiceNow CMDB.
Learn more about our integration with ServiceNow
SolarWinds Orion
SolarWinds Orion is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.
Use Cases
Device data enrichment:
- Full visibility of all the devices from SolarWinds Orion for the following:
- Devices Managed as a Node
- Cloud Instances for AWS and Azure Cloud Providers
- Additional data related to the Server and Applications as well as Network Interfaces with Server
- Application (SAM)/Server Configuration Monitor (SCM) modules of SolarWinds Orion
- Correlation of SolarWinds Orion managed devices with other data sources (such as Active Directory, WLCs)
Compliance:
- The status of SolarWinds Orion managed devices
- The states of the Cloud managed devices
- View the last sync time of the devices
SOTI MobiControl
SOTI MobiControl is an Enterprise Mobility Management (EMM) solution that provides visibility and control over where your business-critical mobile devices are, what they’re doing, how they’re performing, and what security or compliance risks they’re facing.
Deploy apps to smartphones. Enroll and provision new tablets in the field. Track the location of rugged devices. Identify and neutralize security risks to the Internet of Things (IoT) endpoints. Protect critical data stored on mobile devices. Minimize device downtime so field workers stay productive.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Tanium Interact
The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
Use Cases
- Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
- Compliance:
- Detection of missing or malfunctioning Tanium Interact agents
- Detection of Tanium Interact agents running out-of-date software versions
- Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
- Ability to view the last logged-in device user
Vectra
The Vectra Platform provides AI-driven threat detection and response for hybrid and multi-cloud environments. Vectra leverages patented Security AI to pinpoint attacker methods, prioritize threats, and automate response controls. Using the Vectra Platform, you gain unified attack visibility, context across public clouds, SaaS, identities, networks, and endpoints, as well as controls to respond effectively and immediately.
Use Cases
- Analyze security gaps – ensure Vectra covers all assets and understand the health of the Vectra platform
- Enrichment of existing Armis devices with data exposed by Vectra
Viakoo
Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.
Use Cases
- Retrieve detailed information on all Viakoo related devices
- The information includes Service Date, Compliance Status, Priority, Availability, and more
- The information is correlated with other data sources
- Use data exposed by Viakoo to create new devices in the Armis Platform
VMware vCenter / ESXi
- Provide detailed information on all VMware vCenter / ESXi related assets and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
VMware Workspace ONE
VMware Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Asset Inventory
Absolute
Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.
Amazon Web Services (AWS)
Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Use Cases
Device data enrichment:
- Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.
Compliance:
- Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).
Aruba Instant
Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba WLC
Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Use Cases
Device Enrichment – view, search and visualize:
- Access points & switches managed by Aruba WLC
- Wireless Clients
- Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more
Wireless Connections
- Visibility: View current and historic wireless connections between devices and access points
- Define policies on abnormal connections
- Detect rogue access points
BigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
BlueCat DHCP
BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
- Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.
Check Point Harmony (Sandblast)
Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Use Cases
- Device data enrichment
- Full visibility of all Check Point Harmony Endpoint managed devices
- Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)
Compliance
- The compliance status of Check Point Harmony Endpoint managed devices
- Isolation status of Check Point Harmony Endpoint managed devices
- View the groups in which the devices are located
- View the last time the device was accessed
Cisco ASA
The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.
Use Cases
- Retrieve information on all Cisco ASA devices and correlate it with other data sources.
- Collect information of the operating system running on the device.
Cisco Catalyst WLC
A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.
Use Cases
- Retrieve information on all Cisco WLC devices and correlate it with other data sources.
Cisco Meraki
Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.
Learn more about our integration with Cisco Meraki
Device42
Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Device42.
Dynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
Compliance
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
EfficientIP SOLIDserver DDI
EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.
Eseye
Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.
Use Cases
- Discover and display insights of any Eseye connected IoT device
Extreme WLC
Extreme Networks Wireless LAN Controller (WLC) gives network administrators the ability to see all the data and information linked to the network. On the device, they can view the hardware status, the state of the physical ports, and a summary of the connected Access Points (APs) at any time.
Flexera One
Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.
FortiGate
Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies.
The Armis platform imports north/south network traffic information from the FortiGate product.
Use Cases
- Retrieve detailed information on all Fortinet FortiGate related devices in the Armis Platform and correlate them with other data sources.
- Identify logged-in users.
Google Endpoint Manager – ChromeOS
Google Endpoint Manager allows IT admins for a business or school to manage Chromebooks and other ChromeOS devices from their Google Admin console. Admins can enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.
The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Hewlett Packard (HP) WLC
The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.
Use Cases
- Provide detailed information on HP WLC equipment, including its identification and profile
- Collect information on HP WLC-managed Access Points (APs)
- Fetch detailed information on Clients (endpoints) that connect to Access Points.
- Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
- Map which endpoints are connected to which APs in the network
Illumio
Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security model to segment network traffic and prevent lateral movement of cyber threats within an organization’s network.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Illumio.
Ivanti Endpoint Management (Landesk)
Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.
Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.
Use Cases
- Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
- View the last inventory scan time of devices.
- View the last login time of devices.
Jamf
Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.
Use Cases
Provide detailed profile information on all Jamf managed devices, including:
- Last Check-in date
- Device name
- Network information
- Warranty status, etc.
- The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)
Verify device compliance with JAMF policies by detecting:
- Missing or malfunctioning Jamf agents
- Jamf agents running out-of-date software versions
- Devices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed
- Identify the last logged-in device user
Kaseya VSA
Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.
Use Cases
- Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
- Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
- Identify the last logged-in device user.
Malwarebytes
Malwarebytes provides cloud-delivered endpoint detection and response (EDR) and workload protection, detecting and protecting against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.
Use Case
- Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.
Microsoft Active Directory
Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.
Use Cases
Retrieve detailed information on all Active Directory users and machines
- The retrieved information is correlated with other data sources.
- Identify user access by device and timeline
- Fetch the details about user access per machine
- Obtain the status of each account
- Add third-party integrations to identify the last logged in user by device
Verify compliance with Active Directory security policies by detecting the following:
- Computers with the AD Account disabled
- Computer accounts with the AD Password set to Not Required or Never Expire
- Computers that are not configured to require any pre-authentication
Microsoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
Use Cases
- Provide detailed information on Microsoft Azure VMs.
- Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).
Microsoft Azure Active Directory (Azure AD)
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.
Use Cases
- Enrichment of existing Armis devices with data exposed by Azure AD.
Compliance
- Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
- Associate users to devices.
- Ability to view the last logged-in device user.
Microsoft DHCP
Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
- Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.
Microsoft Endpoint Manager (Intune)
Microsoft Endpoint Manager (formerly Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Netbox
The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Cases
- Provide detailed information on all NetBox related devices and correlate it with other data sources.
NetBrain
NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.
Network Mapper
Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.
Use Cases
- Identify network equipment
- Retrieve ARP tables
NinjaOne
NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.
Use Cases
- Device data enrichment:
- Full visibility of all NinjaOne-managed devices
- Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)
Okta
Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on and automated user provisioning.
Use Cases
- Provide detailed device information and correlate it with other data sources
- Retrieve and collect user data
- Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory
Oracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Puppet
Puppet is an open source software configuration management and deployment tool.
Use Cases
- Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications
Quest KACE
Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.
Use Cases
- Device data enrichment:
- Full visibility of all Quest KACE managed devices
- Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)
Red Hat Satellite
Red Hat Satellite is a powerful tool that lets IT admins for a business or school manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Red Hat Satellite
Rockwell Engineering Workstation (EWS)
Rockwell Automation is a provider of industrial automation and information technology.
Use Cases
- Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
- Provide enhanced information on slots and nested devices
SaltStack
SaltStack, also known as Salt, is a configuration management and orchestration tool.
Use Cases
- Provide detailed information on all SaltStack related devices and correlate it with other data sources
- Retrieve the details about the operating system running on a device
ServiceNow CMDB
Armis sends device information to the ServiceNow CMDB.
Learn more about our integration with ServiceNow
Siemens Engineering Workstation (EWS)
Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.
The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS manages. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data, a complete picture of the Operational Technology (OT) and Industrial control systems (ICS) environment is now possible.
Use Cases
- Fast enrichment of Siemens devices using Siemens Software Engineering files
- Full inventory information enrichment of existing devices: profile, modules information, etc.
- Creation of nested devices not visible to Armis through traffic inspection
Switch/SPAN
Use Cases
- Inspect traffic
- Monitor activities
- Track connections
- Provide relevant data for accurate device identification
- Assist in user association
Viakoo
Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.
Use Cases
- Retrieve detailed information on all Viakoo related devices
- The information includes Service Date, Compliance Status, Priority, Availability, and more
- The information is correlated with other data sources
- Use data exposed by Viakoo to create new devices in the Armis Platform
VMware vCenter / ESXi
- Provide detailed information on all VMware vCenter / ESXi related assets and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
VMware Workspace ONE
VMware Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Wiz
Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Retrieve detailed information on cloud resources that are seen by Wiz
- Enrichment of existing Armis devices with data exposed by Wiz
Zscaler
Armis and Zscaler integrate to retrieve detailed information about Zscaler-managed devices, users, and network traffic, and correlate it with other sources.
Automation
Torq
The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.
Use Case
Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.
These complementary abilities enable the following—and more:
- Automatic enforcement of endpoint-agent coverage
- Faster threat mitigation and threat remediation
- Reducing risks through orchestrated vulnerability response and vulnerability remediation
Cloud Services
Amazon Web Services (AWS)
Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Use Cases
Device data enrichment:
- Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.
Compliance:
- Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).
Google Cloud Platform (GCP)
GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.
Use Cases
- Retrieve information on GCP related devices, including their identification and operating system details.
Microsoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
Use Cases
- Provide detailed information on Microsoft Azure VMs.
- Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).
Netskope
Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.
Use Cases
- Enrichment of existing Armis devices with data exposed by Netskope.
Oracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Wiz
Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Retrieve detailed information on cloud resources that are seen by Wiz
- Enrichment of existing Armis devices with data exposed by Wiz
DHCP/DNS
BlueCat DHCP
BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
- Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.
EfficientIP SOLIDserver DDI
EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.
Infoblox DDI Syslog
Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.
Use Cases
- Provide information on all Infoblox DDI related devices and correlate it with other data sources.
- Verify device compliance with Infoblox DDI policies:
- Detect devices missing vulnerability scans and patches
- Detect unmanaged devices
- Use correlation with other data sources to detect vulnerable software
- Verify user privileges
Microsoft DHCP
Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
- Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.
Endpoint Protection
BlackBerry Cybersecurity CylancePROTECT
BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.
Use Cases
Retrieve detailed information on CylancePROTECT managed devices.
- The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.
Verify compliance with CylancePROTECT security policies by discovering the following:
- Missing or malfunctioning CylancePROTECT agents
- CylancePROTECT agents running out-of-date software versions
- Devices that are not running a CylancePROTECT agent
- Identify the last logged-in device user
Check Point Harmony (Sandblast)
Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Use Cases
- Device data enrichment
- Full visibility of all Check Point Harmony Endpoint managed devices
- Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)
Compliance
- The compliance status of Check Point Harmony Endpoint managed devices
- Isolation status of Check Point Harmony Endpoint managed devices
- View the groups in which the devices are located
- View the last time the device was accessed
Cisco Secure Endpoint
Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.
CrowdStrike
CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.
Use Cases
Retrieve detailed information on CrowdStrike managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with CrowdStrike security policies by discovering the following:
- Missing or malfunctioning CrowdStrike agents
- CrowdStrike agents running out-of-date software versions
- Devices that are not running a CrowdStrike agent
- Identify the last logged-in device user
Malwarebytes
Malwarebytes provides cloud-delivered endpoint detection and response (EDR) and workload protection, detecting and protecting against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.
Use Case
- Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.
McAfee ePO
McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.
Use Cases
- Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Cortex XDR
Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.
The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Prisma Cloud
Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP
SentinelOne
The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.
Use Case
- Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
- Verify device compliance with Sentinel One policies by detecting:
- Missing or malfunctioning Sentinel One agents
- Sentinel One agents running out-of-date software versions
- Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
- Identify the last logged-in device user
Sophos Endpoint Protection (Intercept X)
Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.
The integration retrieves detailed information on Sophos Intercept X managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Symantec Endpoint Protection – Broadcom
Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.
Use Cases
- Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Trellix FireEye Endpoint Protection
Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoints against known and unknown threats.
Use Cases
- Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
- Verify compliance with FireEye security policies by discovering the following:
- Missing or malfunctioning FireEye agents
- FireEye agents running out-of-date software versions
- Devices that are not running a FireEye agent
- Identify the last logged-in device user
Trend Micro Apex One
Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. It offers pre-execution and runtime machine learning, and more accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.
The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Trend Micro Deep Security
Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
VMware Carbon Black
VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.
Use Cases
- Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
- Detect compliance of missing or malfunctioning Carbon Black Defense agents
- Detect Carbon Black Defense agents running out-of-date software versions
- Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
- Identify the last logged-in device user
Enforcement
Aruba ClearPass
Aruba ClearPass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.
Use Cases
- Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
- The retrieved information is correlated with other data sources
- Detect missing or malfunctioning agents
- Detect out-of-life or out-of-support agent versions
- Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass
Cisco ISE PxGrid
Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.
Learn more about our integration with Cisco ISE
Dynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
- Compliance:
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
Forescout
This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.
Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.
The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.
Palo Alto Networks List Management
Palo Alto Networks List Management integration.
Use Cases
- Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement
- Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies
Torq
The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.
Use Case
Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.
These complementary abilities enable the following—and more:
- Automatic enforcement of endpoint-agent coverage
- Faster threat mitigation and threat remediation
- Reducing risks through orchestrated vulnerability response and vulnerability remediation
Firewall & NAC
Aruba ClearPass
Aruba ClearPass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.
Use Cases
- Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
- The retrieved information is correlated with other data sources
- Detect missing or malfunctioning agents
- Detect out-of-life or out-of-support agent versions
- Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass
Check Point IoT
Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.
Use Cases
- Analyze traffic logs.
- Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.
- Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.
Cisco ASA
The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.
Use Cases
- Retrieve information on all Cisco ASA devices and correlate it with other data sources.
- Collect information of the operating system running on the device.
Cisco ISE PxGrid
Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.
Learn more about our integration with Cisco ISE
Forescout
This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.
Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.
The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.
FortiGate
Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies.
The Armis platform imports north/south network traffic information from the FortiGate product.
Use Cases
- Retrieve detailed information on all Fortinet FortiGate related devices in the Armis Platform and correlate them with other data sources.
- Identify logged-in users.
Fortinet FortiManager Enforcement
FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. FortiManager provides centralized policy-based provisioning and configuration management for FortiGate, FortiWiFi, FortiAP, and other devices.
Use Cases
- Device IP enforcement
Illumio
Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security model to segment network traffic and prevent lateral movement of cyber threats within an organization’s network.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Illumio.
Palo Alto Networks GlobalProtect
Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.
Use Cases
- Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
- Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
- Enrich existing devices with traffic data from their VPN network connections
- Provide detailed information on all GlobalProtect related devices and correlate it with other data sources
Palo Alto Networks List Management
Palo Alto Networks List Management integration.
Use Cases
- Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement
- Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies
Palo Alto Networks Panorama
The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.
Use Cases
- Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
- Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)
Healthcare
Medical Disclosure Statement (MDS2)
MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.
Use Cases
- View MDS2 privacy and security attributes mapped to assets to assess risk
The MDS2 integration is automatically enabled for Armis customers.
US Food & Drug Administration (FDA)
The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.
Use Cases
- Identify assets on FDA recall lists
The FDA integration is automatically enabled for Armis customers
Identity Management
Duo Beyond
Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, blocks untrusted endpoints, and gives users secure access to internal applications without using VPNs.
Use Cases
- Identify Duo users
- Retrieve detailed information on Duo endpoints, that is, laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
- Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
- Fetch information on 2FA devices, that is, the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
- Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.
Okta
Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on and automated user provisioning.
Use Cases
- Provide detailed device information and correlate it with other data sources
- Retrieve and collect user data
- Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory
OneLogin
OneLogin’s unified access management platform centralizes access across cloud environments to give full control, management, and security for data, devices, and users.
Use Cases
User enrichment:
- Full visibility of all the users from OneLogin
- Correlation of OneLogin users with other data sources (such as Okta, Duo Beyond and Active Directory)
Infrastructure
Oracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Manufacturing
Rockwell Engineering Workstation (EWS)
Rockwell Automation is a provider of industrial automation and information technology.
Use Cases
- Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
- Provide enhanced information on slots and nested devices
Siemens Engineering Workstation (EWS)
Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.
The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS manages. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data, a complete picture of the Operational Technology (OT) and Industrial Control Systems (ICS) environment is now possible.
Use Cases
- Fast enrichment of Siemens devices using Siemens Software Engineering files
- Full inventory information enrichment of existing devices: profile, module information, etc.
- Creation of nested devices not visible to Armis through traffic inspection
Risk Assessment
BlackBerry Cybersecurity CylancePROTECT
BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.
Use Cases
Retrieve detailed information on CylancePROTECT managed devices.
- The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.
Verify compliance with CylancePROTECT security policies by discovering the following:
- Missing or malfunctioning CylancePROTECT agents
- CylancePROTECT agents running out-of-date software versions
- Devices that are not running a CylancePROTECT agent
- Identify the last logged-in device user
Check Point IoT
Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.
Use Cases
- Analyze traffic logs.
- Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.
- Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.
CrowdStrike
CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.
Use Cases
Retrieve detailed information on CrowdStrike managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with CrowdStrike security policies by discovering the following:
- Missing or malfunctioning CrowdStrike agents
- CrowdStrike agents running out-of-date software versions
- Devices that are not running a CrowdStrike agent
- Identify the last logged-in device user
Dropbox
Dropbox is a SaaS file sharing and cloud storage platform.
Use Cases
- Import user accounts
- Import user activities
Duo Beyond
Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, blocks untrusted endpoints, and gives users secure access to internal applications without using VPNs.
Use Cases
- Identify Duo users
- Retrieve detailed information on Duo endpoints, that is, laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
- Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
- Fetch information on 2FA devices, that is, the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
- Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.
Infoblox DDI Syslog
Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.
Use Cases
- Provide information on all Infoblox DDI related devices and correlate it with other data sources.
- Verify device compliance with Infoblox DDI policies:
- Detect devices missing vulnerability scans and patches
- Detect unmanaged devices
- Use correlation with other data sources to detect vulnerable software
- Verify user privileges
McAfee ePO
McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.
Use Cases
- Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Microsoft System Center Configuration Manager (SCCM) & Bitlocker
Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.
Use Cases
- Gain full application visibility on managed SCCM devices, including offline applications.
- Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
- Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.
NHS Cyber Alerts
NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts.
Use Cases
- Matching alerts with devices
- Visualise NHS Cyber Alerts and their affected devices
- Prioritization with Armis Asset Vulnerability Management (AVM)
- Status tracking
Nuvolo
Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory, as well as asset management ones.
Use Cases
Enrich existing Armis devices with data exposed by Nuvolo:
- Asset Tag
- Asset State
- Operation Status
- Owning Department
- Install Date
- Is Critical
- End of Support
- End of Life
Verify compliance with Nuvolo policies by detecting:
- Missing or malfunctioning Nuvolo agents
- Nuvolo agents running out-of-date software versions
- Devices that are not running a Nuvolo agent, such as:
- Active Directory Computers or Corporate devices without a Nuvolo agent installed.
- Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.
- Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
- Identify the last logged-in device user.
Palo Alto Cortex XDR
Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.
The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Networks GlobalProtect
Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.
Use Cases
- Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
- Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
- Enrich existing devices with traffic data from their VPN network connections
- Provide detailed information on all GlobalProtect related devices and correlate it with other data sources
Qualys
The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.
Use Cases
- Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
- Verify device compliance with Qualys security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices.
- Initiate vulnerability scans based on automated Armis policies
Rapid7 InsightVM
Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Use Cases
- Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
- Verify device compliance with Rapid7 InsightVM security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices
- Vulnerable software (in conjunction with other data sources)
- Verify user privileges
- Initiate vulnerability scans based on automated Armis policies
SentinelOne
The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.
Use Case
- Provide detailed profile information on all SentinelOne managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
- Verify device compliance with SentinelOne policies by detecting:
- Missing or malfunctioning SentinelOne agents
- SentinelOne agents running out-of-date software versions
- Devices that are not running a SentinelOne agent, such as Active Directory computers or Corporate devices without a SentinelOne agent installed
- Identify the last logged-in device user
Sophos Endpoint Protection (Intercept X)
Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense-in-depth approach to endpoint protection, rather than relying on one primary security technique.
The integration retrieves detailed information on Sophos Intercept X managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Symantec Endpoint Protection – Broadcom
Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.
Use Cases
- Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Tanium Interact
The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
Use Cases
- Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
- Compliance:
- Detection of missing or malfunctioning Tanium Interact agents
- Detection of Tanium Interact agents running out-of-date software versions
- Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
- Ability to view the last logged-in device user
Tenable.io
Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration — Initiating vulnerability scans based on automated Armis policies
Tenable.sc
Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration—Initiating vulnerability scans based on automated Armis policies
Trellix FireEye Endpoint Protection
Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoints against known and unknown threats.
Use Cases
- Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
- Verify compliance with FireEye security policies by discovering the following:
- Missing or malfunctioning FireEye agents
- FireEye agents running out-of-date software versions
- Devices that are not running a FireEye agent
- Identify the last logged-in device user
Trend Micro Apex One
Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.
The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
VMware Carbon Black
VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.
Use Cases
- Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in Carbon Black. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
- Detect missing or malfunctioning Carbon Black Defense agents
- Detect Carbon Black Defense agents running out-of-date software versions
- Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
- Identify the last logged-in device user
SaaS Applications
Dropbox
Dropbox is a SaaS file sharing and cloud storage platform.
Use Cases
- Import user accounts
- Import user activities
SOAR
Siemplify
Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.
Switch
Network Mapper
Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.
Use Cases
- Identify network equipment
- Retrieve ARP tables
Switch/SPAN
Use Cases
- Inspect traffic
- Monitor activities
- Track connections
- Provide relevant data for accurate device identification
- Assist in user association
Threat Detection & Response
Netskope
Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.
Use Cases
- Enrichment of existing Armis devices with data exposed by Netskope.
Palo Alto Networks Panorama
The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.
Use Cases
- Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
- Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)
Vulnerability Assessment
Common Vulnerabilities and Exposures (CVE)
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.
The CVE integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Cybersecurity and Infrastructure Security Agency (CISA)
Cybersecurity and Infrastructure Security Agency (CISA) manages a catalog of Known Exploited Vulnerabilities (KEV) and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.
Use Cases
- Audit vulnerability remediation by the CISA Due Date
The CISA KEV integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Exploit Prediction Scoring System (EPSS)
The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Their goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
The EPSS integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Google Project Zero
Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.
The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Medical Disclosure Statement (MDS2)
MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.
Use Cases
- View MDS2 privacy and security attributes mapped to assets to assess risk
The MDS2 integration is automatically enabled for Armis customers
MITRE ATT&CK®
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
The MITRE ATT&CK® integration is automatically enabled for Armis customers.
National Vulnerability Database (NVD)
The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
The NIST NVD integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
NHS Cyber Alerts
NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts
Use Cases
- Matching alerts with devices
- Visualise NHS Cyber Alerts and their affected devices
- Prioritization with Armis Asset Vulnerability Management (AVM)
- Status tracking
Qualys
The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.
Use Cases
- Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
- Verify device compliance with Qualys security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices.
- Initiate vulnerability scans based on automated Armis policies
Rapid7 InsightVM
Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Use Cases
- Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
- Verify device compliance with Rapid7 InsightVM security policies by detecting
- Devices missing vulnerability scans and patches
- Unmanaged devices
- Vulnerable software (in conjunction with other data sources)
- Verify user privileges
- Initiate vulnerability scans based on automated Armis policies
Tenable.io
Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration — Initiating vulnerability scans based on automated Armis policies
Tenable.sc
Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
- Detection of devices missing vulnerability scans and patches
- Detection of unmanaged devices
- Using correlation with other data sources to detect vulnerable software
- Verification of user privileges
- Orchestration—Initiating vulnerability scans based on automated Armis policies
Tor
The Tor network is a system that facilitates anonymous communication by concealing a user’s Internet Protocol (IP) address through encryption and a series of self-described anonymous and private connections. The Tor network receives its name from the original software project it is based upon, ‘The onion router’.
Use Cases
- Alert to Tor traffic on the corporate network
- The Tor integration is automatically enabled for Armis customers
US Food & Drug Administration (FDA)
The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.
Use Cases
- Identify assets on FDA recall lists
The FDA integration is automatically enabled for Armis customers
VirusTotal
VirusTotal analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. Their goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers and end users of all kinds.
The VirusTotal integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
WLC
Aruba Central
Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba Instant
Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba WLC
Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Use Cases
Device Enrichment – view, search and visualize:
- Access points & switches managed by Aruba WLC
- Wireless Clients
- Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more
Wireless Connections Visibility:
- View current and historic wireless connections between devices and access points
- Define policies on abnormal connections
- Detect rogue access points
Cambium cnMaestro
Cambium Networks cnMaestro is a cloud-based Wi-Fi management solution that monitors wireless traffic and wireless device details and provides real-time visibility into the network.
Use Cases
Device enrichment:
- View, search, and visualize access points managed by Cambium cnMaestro WLC
- Enhance information on access points, such as serial number, firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or directly to the access points
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Cisco Catalyst WLC
A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.
Use Cases
- Retrieve information on all Cisco WLC devices and correlate it with other data sources.
Cisco DNA Center
Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.
Use Cases
- Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
- Enrichment of existing Armis devices with data exposed by Cisco DNA Center
Cisco Meraki
Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.
Learn more about our integration with Cisco Meraki
Extreme WLC
Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.
Hewlett Packard (HP) WLC
The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.
Use Cases
- Provide detailed information on HP WLC equipment, including its identification and profile
- Collect information on HP WLC-managed Access Points (APs)
- Fetch detailed information on Clients (endpoints) that connect to Access Points.
- Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
- Map which endpoints are connected to which APs in the network
Juniper Mist
Juniper Mist is a cloud-based Wi-Fi management solution that monitors wireless traffic and wireless device details and provides real-time visibility into the network.
Use Cases
Device Enrichment:
- View, search, and visualize access points and switches managed by Mist WLC
- Enhance information on access points and switches, such as serial number, firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or via Mist-managed switches
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
All
Absolute
Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.
Alaris Medical
The Alaris Integration provides full visibility into the Alaris system for inventory, security and utilization
Use Cases
- Ingest the Alaris Server configuration
- Provide full device identification – S/N, model, FW
- Show utilization & operational activity
Amazon Web Services (AWS)
Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Use Cases
Device data enrichment:
- Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.
Compliance:
- Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).
Aruba Central
Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba ClearPass
Aruba ClearPass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.
Use Cases
- Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
- The retrieved information is correlated with other data sources
- Detect missing or malfunctioning agents
- Detect out-of-life or out-of-support agent versions
- Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass
Aruba Instant
Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Aruba WLC
Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).
Use Cases
Device Enrichment – view, search and visualize:
- Access points & switches managed by Aruba WLC
- Wireless Clients
- Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more
Wireless Connections Visibility:
- View current and historic wireless connections between devices and access points
- Define policies on abnormal connections
- Detect rogue access points
Atlassian Jira – Email Ticketing
Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.
Use Cases
The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.
BACnet
BACnet is a communication protocol for building automation and control (BAC) networks.
Use Cases
- Security and operational
The BACnet integration is automatically enabled for Armis customers
BigFix
BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
BlackBerry Cybersecurity CylancePROTECT
BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.
Use Cases
Retrieve detailed information on CylancePROTECT managed devices.
- The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.
Verify compliance with CylancePROTECT security policies by discovering the following:
- Missing or malfunctioning CylancePROTECT agents
- CylancePROTECT agents running out-of-date software versions
- Devices that are not running a CylancePROTECT agent
- Identify the last logged-in device user
BlueCat DHCP
BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
- Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.
BMC Helix Configuration Management Database (CMDB)
The BMC Helix Configuration Management Database (CMDB) enriches ecosystem workflow with a business aware, single source of reference for your assets and services.
Use Cases
- Retrieve detailed information about BMC CMDB-inventory CIs
- Enrichment of existing Armis devices with data exposed by BMC CMDB
Cambium cnMaestro
Cambium Networks cnMaestro is a cloud-based Wi-Fi management solution that monitors wireless traffic and wireless device details and provides real-time visibility into the network.
Use Cases
Device enrichment:
- View, search, and visualize access points managed by Cambium cnMaestro WLC
- Enhance information on access points, such as serial number, firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or directly to the access points
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Check Point Harmony (Sandblast)
Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Use Cases
- Device data enrichment
- Full visibility of all Check Point Harmony Endpoint managed devices
- Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)
Compliance
- The compliance status of Check Point Harmony Endpoint managed devices
- Isolation status of Check Point Harmony Endpoint managed devices
- View the groups in which the devices are located
- View the last time the device was accessed
Check Point IoT
Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.
Use Cases
- Analyze traffic logs.
- Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.
- Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.
Chef
The integration between Armis and Chef helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Case
Retrieve detailed information on Chef managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with Chef security policies by discovering the following:
- Missing or malfunctioning Chef agents
- Chef agents running out-of-date software versions
- Devices that are not running a Chef agent
- Identify the last logged-in device user
Cisco ASA
The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.
Use Cases
- Retrieve information on all Cisco ASA devices and correlate it with other data sources.
- Collect information of the operating system running on the device.
Cisco Catalyst WLC
A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.
Use Cases
- Retrieve information on all Cisco WLC devices and correlate it with other data sources.
Cisco DNA Center
Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.
Use Cases
- Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
- Enrichment of existing Armis devices with data exposed by Cisco DNA Center
Cisco ISE PxGrid
Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.
Learn more about our integration with Cisco ISE
Cisco Meraki
Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.
Learn more about our integration with Cisco Meraki
Cisco Secure Endpoint
Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.
Common Vulnerabilities and Exposures (CVE)
The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures.
The CVE integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
CrowdStrike
CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.
Use Cases
Retrieve detailed information on CrowdStrike managed devices.
- The retrieved information is correlated with other data sources.
Verify compliance with CrowdStrike security policies by discovering the following:
- Missing or malfunctioning CrowdStrike agents
- CrowdStrike agents running out-of-date software versions
- Devices that are not running a CrowdStrike agent
- Identify the last logged-in device user
CSV
Upload CSV data to manually import new assets or add asset attributes for contextual analysis.
Cybersecurity and Infrastructure Security Agency (CISA)
Cybersecurity and Infrastructure Security Agency (CISA) manages a catalog of Known Exploited Vulnerabilities (KEV) and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.
Use Cases
- Audit vulnerability remediation by the CISA Due Date
The CISA KEV integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Device42
Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto-discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Device42.
Dropbox
Dropbox is a SaaS file sharing and cloud storage platform.
Use Cases
- Import user accounts
- Import user activities
Duo Beyond
Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, blocks untrusted endpoints, and gives users secure access to internal applications without using VPNs.
Use Cases
- Identify Duo users
- Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
- Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
- Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
- Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.
Dynatrace
Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.
This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.
Use Cases
- Device data enrichment:
- Full visibility of all Dynatrace OneAgent-managed devices.
- Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).
Compliance
- The State of Dynatrace OneAgent-managed devices.
- Monitoring Mode of the Dynatrace OneAgent-monitored devices.
- View the last time the device was seen.
EfficientIP SOLIDserver DDI
EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.
Eseye
Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.
Use Cases
- Discover and display insights of any Eseye connected IoT device
Exabeam
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Exploit Prediction Scoring System (EPSS)
The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Their goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
The EPSS integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Extreme WLC
Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.
Flexera One
Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.
The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.
Forescout
This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.
Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.
The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.
FortiGate
Fortinet’s FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies.
The Armis platform imports north/south network traffic information from the FortiGate product.
Use Cases
- Retrieve detailed information on all Fortinet FortiGate related devices in the Armis Platform and correlate them with other data sources.
- Identify logged-in users.
Fortinet FortiManager Enforcement
FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. FortiManager provides centralized policy-based provisioning and configuration management for FortiGate, FortiWiFi, FortiAP, and other devices.
Use Cases
- Device IP enforcement
Google Cloud Platform (GCP)
GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.
Use Cases
- Retrieve information on GCP related devices, including their identification and operating system details.
Google Endpoint Manager – ChromeOS
Google Endpoint Manager allows IT admins for a business or school to manage Chromebooks and other ChromeOS devices from their Google Admin console: to enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.
The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Google Project Zero
Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.
The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Hewlett Packard (HP) WLC
The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.
Use Cases
- Provide detailed information on HP WLC equipment, including its identification and profile
- Collect information on HP WLC-managed Access Points (APs)
- Fetch detailed information on Clients (endpoints) that connect to Access Points.
- Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
- Map which endpoints are connected to which APs in the network
IEEE – Organizationally Unique Identifier (OUI)
The Organizationally Unique Identifier (OUI) is the part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE.
Use Cases
- Assists in identifying assets by manufacturer, type and category
The OUI integration is automatically enabled for Armis customers
Illumio
Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security model to segment network traffic and prevent lateral movement of cyber threats within an organization’s network.
Use Cases
- Device data enrichment.
- Enrichment of existing Armis devices with data exposed by Illumio.
Infoblox DDI Syslog
Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.
Use Cases
- Provide information on all Infoblox DDI related devices and correlate it with other data sources.
- Verify device compliance with Infoblox DDI policies:
- Detect devices missing vulnerability scans and patches
- Detect unmanaged devices
- Use correlation with other data sources to detect vulnerable software
- Verify user privileges
Ivanti Endpoint Management (Landesk)
Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.
Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.
Use Cases
- Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
- View the last inventory scan time of devices.
- View the last login time of devices.
Jamf
Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.
Use Cases
Provide detailed profile information on all Jamf managed devices, including:
- Last Check-in date
- Device name
- Network information
- Warranty status, etc.
- The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)
Verify device compliance with Jamf policies by detecting:
- Missing or malfunctioning Jamf agents
- Jamf agents running out-of-date software versions
- Devices that are not running a Jamf agent, such as MacBooks running CrowdStrike without a Jamf agent installed
- Identify the last logged-in device user
Juniper Mist
Juniper Mist is a cloud-based Wi-Fi management solution that monitors wireless traffic, reports wireless device details, and provides real-time visibility into the network.
Use Cases
Device Enrichment:
- View, search, and visualize access points and switches managed by Mist WLC
- Enhance information on access points and switches, such as serial number, firmware version, and more
- View and analyze wireless and wired clients connected to the network, via Wi-Fi or via Mist-managed switches
Wireless Connections Visibility:
- View current and historical wireless connections between devices and access points
Kaseya VSA
Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.
Use Cases
- Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
- Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
- Identify the last logged-in device user.
Lansweeper
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes.
LogRhythm
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Malwarebytes
Malwarebytes provides cloud-delivered endpoint detection and response (EDR) and workload protection, detecting and protecting against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.
Use Case
- Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.
McAfee ePO
McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of McAfee endpoint, network, data security, and compliance solutions.
Use Cases
- Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Medical Disclosure Statement (MDS2)
MDS2 provides a standard for risk assessment of medical devices. Turning it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.
Use Cases
- View MDS2 privacy and security attributes mapped to assets to assess risk
The MDS2 integration is automatically enabled for Armis customers
Microsoft Active Directory
Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.
Use Cases
Retrieve detailed information on all Active Directory users and machines
- The retrieved information is correlated with other data sources.
- Identify user access by device and timeline
- Fetch the details about user access per machine
- Obtain the status of each account
- Add third-party integrations to identify the last logged in user by device
Verify compliance with Active Directory security policies by detecting the following:
- Computers with the AD Account disabled
- Computer accounts with the AD Password set to Not Required or Never Expire
- Computers that are not configured to require any pre-authentication
Microsoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
Use Cases
- Provide detailed information on Microsoft Azure VMs.
- Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).
Microsoft Azure Active Directory (Azure AD)
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.
Use Cases
- Enrichment of existing Armis devices with data exposed by Azure AD.
Compliance
- Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
- Associate users to devices.
- Ability to view the last logged-in device user.
Microsoft Azure Sentinel
The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.
The integration is provided as an Azure Marketplace App available here.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Microsoft DHCP
Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.
Use Cases
- Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
- Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.
Microsoft Endpoint Manager (Intune)
Microsoft Endpoint Manager (formerly Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Microsoft System Center Configuration Manager (SCCM) & Bitlocker
Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.
Use Cases
- Gain full application visibility on managed SCCM devices, including offline applications.
- Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
- Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.
MITRE ATT&CK®
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
The MITRE ATT&CK® integration is automatically enabled for Armis customers.
National Vulnerability Database (NVD)
The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
The NIST NVD integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
Netbox
The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.
Use Cases
- Provide detailed information on all NetBox related devices and correlate it with other data sources.
NetBrain
NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.
Netskope
Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.
Use Cases
- Enrichment of existing Armis devices with data exposed by Netskope.
Network Mapper
Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.
Use Cases
- Identify network equipment
- Retrieve ARP tables
NHS Cyber Alerts
NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts.
Use Cases
- Matching alerts with devices
- Visualise NHS Cyber Alerts and their affected devices
- Prioritization with Armis Asset Vulnerability Management (AVM)
- Status tracking
NinjaOne
NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.
Use Cases
- Device data enrichment:
- Full visibility of all NinjaOne-managed devices
- Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)
Nutanix Prism
Nutanix Prism is the control plane that simplifies and streamlines common workflows to make hypervisor and VM setup as easy as checking your email. This integration will fetch from the Prism API all information on the running VMs and Hosts in the environment.
Use Cases
- Provide detailed information on all Nutanix Prism-related devices and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
Nuvolo
Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory, as well as asset management ones.
Use Cases
Enrich existing Armis devices with data exposed by Nuvolo:
- Asset Tag
- Asset State
- Operation Status
- Owning Department
- Install Date
- Is Critical
- End of Support
- End of Life
Verify compliance with Nuvolo policies by detecting:
- Missing or malfunctioning Nuvolo agents
- Nuvolo agents running out-of-date software versions
- Devices that are not running a Nuvolo agent, such as:
- Active Directory Computers or Corporate devices without a Nuvolo agent installed.
- Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.
- Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
- Identify the last logged-in device user.
Okta
Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on and automated user provisioning.
Use Cases
- Provide detailed device information and correlate it with other data sources
- Retrieve and collect user data
- Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory
OneLogin
OneLogin’s unified access management platform centralizes access across cloud environments to give full control, management, and security for data, devices, and users.
Use Cases
User enrichment:
- Full visibility of all the users from OneLogin
- Correlation of OneLogin users with other data sources (such as Okta, Duo Beyond and Active Directory)
Oracle
The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.
Palo Alto Cortex XDR
Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.
The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Palo Alto Networks GlobalProtect
Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.
Use Cases
- Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
- Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
- Enrich existing devices with traffic data from their VPN network connections
- Provide detailed information on all GlobalProtect related devices and correlate it with other data sources
Palo Alto Networks List Management
Palo Alto Networks List Management integration.
Use Cases
- Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement
- Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies
Palo Alto Networks Panorama
The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.
Use Cases
- Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
- Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)
Palo Alto Prisma Cloud
Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, Azure, and GCP
Puppet
Puppet is an open source software configuration management and deployment tool.
Use Cases
- Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications
QRadar
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Qualys
The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.
Use Cases
- Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
- Verify device compliance with Qualys security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices.
- Initiate vulnerability scans based on automated Armis policies
Quest KACE
Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.
Use Cases
- Device data enrichment:
- Full visibility of all Quest KACE managed devices
- Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)
Radia Endpoint Manager
Radia is Endpoint Manager software that provides a unified way for organizations to manage a constellation of endpoints, ranging from PCs, servers, smartphones, thin clients, and VDIs to industry-specific devices such as ATMs, POS devices, and medical devices, all from a single-pane-of-glass console.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Rapid7 InsightVM
Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Use Cases
- Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
- Verify device compliance with Rapid7 InsightVM security policies by detecting:
- Devices missing vulnerability scans and patches
- Unmanaged devices
- Vulnerable software (in conjunction with other data sources)
- Verify user privileges
- Initiate vulnerability scans based on automated Armis policies
Red Hat Satellite
Red Hat Satellite is a powerful tool that lets the IT admin of a business or school manage their organization’s Red Hat devices from the Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.
Use Cases
- Device data enrichment
- Enrichment of existing Armis devices with data exposed by Red Hat Satellite
Rockwell Engineering Workstation (EWS)
Rockwell Automation is a provider of industrial automation and information technology.
Use Cases
- Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
- Provide enhanced information on slots and nested devices
SaltStack
SaltStack, also known as Salt, is a configuration management and orchestration tool.
Use Cases
- Provide detailed information on all SaltStack related devices and correlate it with other data sources
- Retrieve the details about the operating system running on a device
SentinelOne
The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.
Use Cases
- Provide detailed profile information on all SentinelOne managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
- Verify device compliance with SentinelOne policies by detecting:
- Missing or malfunctioning SentinelOne agents
- SentinelOne agents running out-of-date software versions
- Devices that are not running a SentinelOne agent, such as Active Directory computers or Corporate devices without a SentinelOne agent installed
- Identify the last logged-in device user
ServiceNow Armis Security Incident
Import Armis Alerts as ServiceNow Security Incidents.
The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.
- Open tickets automatically for unmanaged, IoT, OT, medical device incidents
- Import Security Incidents in near real-time
- Triage, prioritize, and close Armis Alerts from ServiceNow
- Stop threats efficiently with policy-based enforcements
Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and update incidents for greater accuracy and efficiency.
- Import Armis Alerts as ServiceNow Security Incidents.
- Guided Setup and Embedded Help articles provide intuitive user experience.
- Integration Dashboards help contextualize and prioritize Armis Alerts.
ServiceNow CMDB
Armis sends device information to the ServiceNow CMDB.
Learn more about our integration with ServiceNow
ServiceNow Incident Integration
The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.
Use Cases
- Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
- Receive additional and contextual information about devices and events from the Armis platform
- Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.
ServiceNow Ticketing
Armis sends alert information to the ServiceNow platform for incident workflow and remediation.
Learn more about our integration with ServiceNow
ServiceNow Vulnerability Response
Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems. Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.
Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.
When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis-discovered devices. Armis continuously and passively monitors all network devices in real time to ensure vulnerabilities are correctly matched, giving you a complete, up-to-date vulnerability profile for all devices on your network.
Use Cases
- ServiceNow Operational Technology (OT) Certified
- Compatible with ServiceNow OT VR
- Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
- Prioritize device vulnerabilities to aid remediation efforts
- Automatically close stale Vulnerabilities
- Cross customer data to provide increased threat intelligence
- Designed to be fully compatible with the Service Graph Connector for Armis
- Guided Setup helps you get up and running quickly
- Support your Operational Technology OT VR workflows alongside IT VR
Siemens Engineering Workstation (EWS)
Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.
The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS manages. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data, a complete picture of the Operational Technology (OT) and Industrial Control Systems (ICS) environment is now possible.
Use Cases
- Fast enrichment of Siemens devices using Siemens Software Engineering files
- Full inventory information enrichment of existing devices: profile, modules information, etc.
- Creation of nested devices not visible to Armis through traffic inspection
Siemplify
Armis and Siemplify enable organizations to take action automatically to protect critical information and systems.
SolarWinds Orion
SolarWinds Orion is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.
Use Cases
Device data enrichment:
- Full visibility of all the devices from SolarWinds Orion for the following:
- Devices Managed as a Node
- Cloud Instances for AWS and Azure Cloud Providers
- Additional data related to the Server and Applications as well as Network Interfaces with Server
- Application (SAM)/Server Configuration Monitor (SCM) modules of SolarWinds Orion
- Correlation of SolarWinds Orion managed devices with other data sources (such as Active Directory, WLCs)
Compliance:
- The status of SolarWinds Orion managed devices
- The states of the Cloud managed devices
- View the last sync time of the devices
Sophos Endpoint Protection (Intercept X)
Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense-in-depth approach to endpoint protection, rather than relying on one primary security technique.
The integration retrieves detailed information on Sophos Intercept X managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
SOTI MobiControl
SOTI MobiControl is an Enterprise Mobility Management (EMM) solution that provides visibility and control over where your business-critical mobile devices are, what they’re doing, how they’re performing, and what security or compliance risks they’re facing.
Deploy apps to smartphones. Enroll and provision new tablets in the field. Track the location of rugged devices. Identify and neutralize security risks to the Internet of Things (IoT) endpoints. Protect critical data stored on mobile devices. Minimize device downtime so field workers stay productive.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Splunk
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Sumo Logic
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Switch/SPAN
Use Cases
- Inspect traffic
- Monitor activities
- Track connections
- Provide relevant data for accurate device identification
- Assist in user association
Symantec Endpoint Protection – Broadcom
Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.
Use Cases
- Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
Tanium Interact
The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.
Use Cases
- Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
- Compliance:
- Detection of missing or malfunctioning Tanium Interact agents
- Detection of Tanium Interact agents running out-of-date software versions
- Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
- Ability to view the last logged-in device user
Tenable.io
Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
  - Detection of devices missing vulnerability scans and patches
  - Detection of unmanaged devices
  - Using correlation with other data sources to detect vulnerable software
  - Verification of user privileges
- Orchestration — Initiating vulnerability scans based on automated Armis policies
Tenable.sc
Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.
Use Cases
- Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
- Compliance:
  - Detection of devices missing vulnerability scans and patches
  - Detection of unmanaged devices
  - Using correlation with other data sources to detect vulnerable software
  - Verification of user privileges
- Orchestration—Initiating vulnerability scans based on automated Armis policies
Tor
The Tor network is a system that facilitates anonymous communication by concealing a user’s Internet Protocol (IP) address through encryption and a series of self-described anonymous and private connections. The Tor network receives its name from the original software project it is based upon, ‘The onion router’.
Use Cases
- Alert to Tor traffic on the corporate network
The Tor integration is automatically enabled for Armis customers
Torq
The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.
Use Case
Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.
These complementary abilities enable the following—and more:
- Automatic enforcement of endpoint-agent coverage
- Faster threat mitigation and threat remediation
- Reducing risks through orchestrated vulnerability response and vulnerability remediation
Trellix FireEye Endpoint Protection
Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoints against known and unknown threats.
Use Cases
- Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
- Verify compliance with FireEye security policies by discovering the following:
  - Missing or malfunctioning FireEye agents
  - FireEye agents running out-of-date software versions
  - Devices that are not running a FireEye agent
- Identify the last logged-in device user
Trellix Helix (FireEye)
Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.
Use Cases
- Enhance incident investigation by providing full context of the asset and its risks
- Detect assets not reporting events to the SIEM
Trend Micro Apex One
Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. It uses pre-execution and runtime machine learning for more accurate detection of advanced malware, such as fileless, living-off-the-land, and ransomware threats.
The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
Trend Micro Deep Security
Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.
Use Cases
- Gain visibility of managed assets and their attributes
- Audit for presence and compliance
- Report on EPP effectiveness
US Food & Drug Administration (FDA)
The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.
Use Cases
- Identify assets on FDA recall lists
The FDA integration is automatically enabled for Armis customers
Vectra
The Vectra Platform provides AI-driven threat detection and response for hybrid and multi-cloud environments. Vectra leverages patented Security AI to pinpoint attacker methods, prioritize threats, and automate response controls. Using the Vectra Platform, you gain unified attack visibility, context across public clouds, SaaS, identities, networks, and endpoints, as well as controls to respond effectively and immediately.
Use Cases
- Analyze security gaps – ensure Vectra covers all assets and understand the health of the Vectra platform
- Enrichment of existing Armis devices with data exposed by Vectra
Viakoo
Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.
Use Cases
- Retrieve detailed information on all Viakoo related devices
  - The information includes Service Date, Compliance Status, Priority, Availability, and more
  - The information is correlated with other data sources
- Use data exposed by Viakoo to create new devices in the Armis Platform
VirusTotal
VirusTotal analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. Their goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers and end users of all kinds.
The VirusTotal integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.
VMware Carbon Black
VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.
Use Cases
- Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in Carbon Black. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
- Verify compliance by detecting missing or malfunctioning Carbon Black Defense agents
- Detect Carbon Black Defense agents running out-of-date software versions
- Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
- Identify the last logged-in device user
VMware vCenter / ESXi
- Provide detailed information on all VMware vCenter / ESXi related assets and correlate it with other data sources
- Retrieve partial details about the operating system running on a device
VMware Workspace ONE
VMware Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.
Use Cases
- Gain visibility of managed assets and their attributes
- Verify asset compliance
- Identify unmanaged assets
Wiz
Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.
Use Cases
- Retrieve detailed information on cloud resources that are seen by Wiz
- Enrichment of existing Armis devices with data exposed by Wiz
Zscaler
Armis and Zscaler integrate to retrieve detailed information about Zscaler-managed devices, users, and network traffic, and correlate it with other sources.