Leverage Your Existing Investments With Armis Integrations

Jira is a proprietary issue-tracking product developed by Atlassian that allows bug tracking and agile project management.

Use Cases

The Email Ticketing integration sends alerts by email to an email address associated with a ticketing system. This allows the user to configure an Armis automation flow, automatically raising tickets in Jira.

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Learn more about our integration with Exabeam

Armis offers the following Google integrations:

Google Chronicle

Chronicle is a cybersecurity telemetry platform for threat hunting, and threat intelligence and is part of the Google Cloud Platform. Chronicle stores log events it receives in two formats: either as the original raw log or structured Unified Data Model (UDM) log. There are two critical elements to consider for parsing, Unified Data Model (UDM) which defines the schema for parsing, and Configuration Based Normalizers (CBN) which describes how to log data is transformed to the UDM schema.

Chronicle Integration for Armis:
The Chronicle integration for Armis enables the transfer and parsing of Armis Alerts, Activities, Devices, and Vulnerabilities in the Chronicle. These parsed events can be utilized for search, reporting, and visualization workflows.

The ingestion script ingests the following 4 types of event categories:

• Armis Alerts
• Armis Activities
• Armis Devices
• Armis Vulnerabilities

---

Google Cloud Platform (GCP)

GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.

Use Cases

• Retrieve information on GCP related devices, including their identification and operating system details.

---

Google Endpoint Manager – ChromeOS

Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.

The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Google Project Zero

Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

---

Google Security Operations SOAR

Armis and Google Security Operations SOAR enable organizations to take action automatically to protect critical information and systems.

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis offers the following ServiceNow integrations:

ServiceNow (Pull)

ServiceNow is a cloud-based software platform for IT Service Management (ITSM) that helps automate IT Business Management. It is designed based on ITIL guidelines to provide service orientation for tasks, activities, and processes.

Armis utilizes this integration to enrich the device inventory with device and user information.

Use Cases

• Retrieve detailed information on assets that are inventoried in ServiceNow
• Enrichment of existing Armis devices with data exposed by ServiceNow
• Identify assets discovered by Armis but not known to ServiceNow

---

ServiceNow Armis Security Incident

Import Armis Alerts as ServiceNow Security Incidents.

The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.

• Open tickets automatically for unmanaged, IoT, OT, medical device incidents
• Import Security Incidents in near real-time
• Triage, prioritize, and close Armis Alerts from ServiceNow
• Stop threats efficiently with policy-based enforcements Use Cases
• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and  update incidents for greater accuracy and efficiency.
• Import Armis Alerts as ServiceNow Security Incidents.
• Guided Setup and Embedded Help articles provide intuitive user experience.
• Integration Dashboards help contextualize and prioritize Armis Alerts.

---

ServiceNow CMDB

Armis sends device information to the ServiceNow CMDB.

---

ServiceNow Incident Integration

The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Use Cases

• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.

---

ServiceNow Ticketing

Armis sends alert information to the ServiceNow platform for incident workflow and remediation.

---

ServiceNow Vulnerability Response

Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems.  Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.

Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.

When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis discovered devices. Armis continuously and passively monitors in real time all network devices to ensure vulnerabilities are correctly matched giving you a complete up to date vulnerability profile for all devices on your network.

Use Cases

• ServiceNow Operational Technology (OT) Certified
• Compatible with ServiceNow OT VR
• Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
• Prioritize device vulnerabilities to aid remediation efforts
• Automatically close stale Vulnerabilities
• Cross customer data to provide increased threat intelligence
• Designed to be fully compatible with the Service Graph Connector for Armis
• Guided Setup helps you get up and running quickly
• Support your Operational Technology OT VR workflows alongside IT VR

---

Learn more about our integrations with ServiceNow

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Learn more about our integration with Splunk

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis offers the following Trellix integrations:

Trellix FireEye Endpoint Protection

Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.

Use Cases

• Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
• Verify compliance with FireEye security policies by discovering the following:
  • Missing or malfunctioning FireEye agents
  • FireEye agents running out-of-date software versions
  • Devices that are not running a FireEye agent
  • Identify the last logged-in device user

---

Trellix Helix (FireEye)

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

The Airlock Digital platform is a cybersecurity solution that focuses on application whitelisting and control. It helps organizations prevent unauthorized applications from running on their systems, improving their security posture. The platform provides a centralized management console for creating and managing application whitelists, as well as monitoring and reporting on application usage.

Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.

Airgap provides asset discovery for every device on your network, ML-driven network threat and performance monitoring at scale. And unlike “”observer” solutions, Airgap can take instant action to remedy risks.

This integration fetches useful information from the Airgap assets. The integration uses the Airgap rest API to fetch the information from the Airgap assets.

Use Cases

Device data enrichment:

• Full visibility of all Airgap assets
• Correlation of Airgap assets with other data sources (such as Active Directory, WLCs)

Compliance:

• The Creation Time and the Last Seen Time of the Airgap assets

The Alaris Integration provides full visibility into the Alaris system for inventory, security and utilization

Use Cases

• Ingest the Alaris Server configuration
• Provide full device identification – S/N, model, FW
• Show utilization & operational activity

BACnet is a communication protocol for building automation and control (BAC) networks.

Use Cases

• Security and operational

The BACnet integration is automatically enabled for Armis customers

BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

The BMC Helix Configuration Management Database (CMDB) enriches ecosystem workflow with a business aware, single source of reference for your assets and services.

Use Cases

• Retrieve detailed information about BMC CMDB-inventory CIs
• Enrichment of existing Armis devices with data exposed by BMC CMDB

The integration between Armis and Chef helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

Use Case

Retrieve detailed information on Chef managed devices.

• The retrieved information is correlated with other data sources.

Verify compliance with Chef security policies by discovering the following:

• Missing or malfunctioning Chef agents
• Chef agents running out-of-date software versions
• Devices that are not running a Chef agent
• Identify the last logged-in device user

Armis offers the following Cisco integrations:

Cisco ASA

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

---

Cisco Catalyst WLC

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

---

Cisco Cyber Vision

Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments

---

Cisco Digital Network Architecture (Cisco DNA)

Cisco Digital Network Architecture (Cisco DNA) software delivers automation, security, predictive monitoring, and a policy-driven approach.

VIPR Pro integrates with Cisco DNA to ingest, normalize and contextualize vulnerability and software update findings for Cisco networking devices (wireless controllers, SD WANs and routers, and switches), as well as inventory networking assets discovered by Cisco DNA.

Use cases for the integration include:

• Prioritize network operating system and software findings based on contextualized risk and asset profiles
• Group related findings based on common fix (such as operating system update or identified vulnerability)
• Assign asset priority and risk score, and determine asset exposure for de-deduplicated network devices
• Assign ownership for remediation fixes, and operationalize the remediation lifecycle

---

Cisco DNA Center

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.

Use Cases

• Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
• Enrichment of existing Armis devices with data exposed by Cisco DNA Center

---

Cisco ISE PxGrid

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

Learn more about our integration with Cisco ISE

---

Cisco Secure Endpoint

Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.

---

Cisco Secure Workload

Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.

This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco UCS

The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.

This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco Umbrella

Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.

The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.

---

Cisco Vulnerability Management (Formerly Kenna)

Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.

Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.

Users can apply Armis Standard Query ASQ filters when fetching device information.

The integration requires an Armis Asset Vulnerability Management (AVM) license.

ConnectWise Automate is a comprehensive remote monitoring and management (RMM) software designed to streamline IT service delivery and enhance the efficiency of IT operations. Its robust features include remote control, patch management, asset management, automated ticketing, and extensive reporting capabilities. These features help MSPs manage complex networks and deliver reliable IT support to their clients. This provides a fully integrated identity lifecycle with device management, patch management, and system insights across Apple, Windows, and Linux operating systems.

The integration between Armis and ConnectWise Automate further enhances customer capabilities by leveraging asset management data as a data source.

Cradlepoint’s NetCloud Manager is a network service management software platform that uses wireless cellular routers to allow its users to harness the power of LTE and 5G cellular networks to grant access to their network and ensure the security of the network and its users.

Upload CSV data to manually import new assets or add asset attributes for contextual analysis.

Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Device42.

Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.

This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.

Use Cases

• Device data enrichment:
  • Full visibility of all Dynatrace OneAgent-managed devices.
  • Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).

Compliance

• The State of Dynatrace OneAgent-managed devices.
• Monitoring Mode of the Dynatrace OneAgent-monitored devices.
• View the last time the device was seen.

Elastic Defend provides organizations with prevention, detection, and response capabilities with deep visibility for EPP, EDR, SIEM, and Security Analytics use cases across Windows, macOS, and Linux operating systems running on both traditional endpoints and public cloud environments.

Use Cases

Device data enrichment:

• Full visibility of all Elastic Defend endpoints.
• Correlation of Elastic Defend devices with other data sources (such as Active Directory, WLCs).

Compliance:

• The criticality and Active status of Elastic Defend managed devices.
• View the last time the device was seen.

Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.

Use Cases

• Discover and display insights of any Eseye connected IoT device

Learn more about our integration with Eseye

Armis offers the following Flexera integrations:

Flexera One

Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.

The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.

---

Flexera Spider

Flexera Spider provides IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.

Armis utilizes this integration to enrich the device inventory with information received from Flexera Spider.

Forcepoint Data Loss Prevention (DLP) is a security solution designed to protect sensitive data from unauthorized access and breaches. It identifies, classifies, and monitors data across various environments, enforcing policies to ensure compliance and data integrity.

By analyzing user behavior and providing real-time protection, Forcepoint DLP helps prevent data loss incidents. It is essential for organizations to safeguard critical information and maintain regulatory compliance.

This integration collects information from endpoints, using the Forcepoint DLP database to retrieve the information.

Use Cases

Device data enrichment:

• Full visibility of all Forcepoint DLP endpoints.
• Correlation of Forcepoint DLP endpoints with other data sources (such as Active Directory and WLCs).

Compliance:

• The criticality status of Forcepoint DLP managed devices.
• The Active status of Forcepoint DLP managed devices.
• View the last seen timestamp of the device.

Armis offers the following Google integrations:

Google Chronicle

Chronicle is a cybersecurity telemetry platform for threat hunting, and threat intelligence and is part of the Google Cloud Platform. Chronicle stores log events it receives in two formats: either as the original raw log or structured Unified Data Model (UDM) log. There are two critical elements to consider for parsing, Unified Data Model (UDM) which defines the schema for parsing, and Configuration Based Normalizers (CBN) which describes how to log data is transformed to the UDM schema.

Chronicle Integration for Armis:
The Chronicle integration for Armis enables the transfer and parsing of Armis Alerts, Activities, Devices, and Vulnerabilities in the Chronicle. These parsed events can be utilized for search, reporting, and visualization workflows.

The ingestion script ingests the following 4 types of event categories:

• Armis Alerts
• Armis Activities
• Armis Devices
• Armis Vulnerabilities

---

Google Cloud Platform (GCP)

GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.

Use Cases

• Retrieve information on GCP related devices, including their identification and operating system details.

---

Google Endpoint Manager – ChromeOS

Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.

The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Google Project Zero

Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

---

Google Security Operations SOAR

Armis and Google Security Operations SOAR enable organizations to take action automatically to protect critical information and systems.

(Organizational Unique Identifier) The part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE.

Use Cases

• Assists in identifying assets by manfactuturer, type and category

The OUI integration is automatically enabled for Armis customers

Armis offers the following Ivanti integrations:

Ivanti Endpoint Management (Landesk)

Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.

Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.

Use Cases

• Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
• View the last inventory scan time of devices.
• View the last login time of devices.

---

Ivanti Neurons for MDM

Ivanti Neurons for MDM offers a robust mobile device management (MDM) solution designed to assist organizations in administering and safeguarding various mobile devices, such as smartphones, tablets, and computers. This unified management platform is compatible with a range of operating systems, including iOS, Android, macOS, ChromeOS, and Windows, allowing for seamless device management across diverse ecosystems.

Use Cases

Device data enrichment:

• Full visibility of all Ivanti Neurons for MDM devices.
• Correlation of Ivanti Neurons for MDM devices with other data sources (such as Active Directory and WLCs).
• Data related to network interfaces associated with the devices.
• Additional data related to applications associated with the devices.

User data enrichment:

• Full visibility of all Ivanti Neurons for MDM users.

Compliance:

• View the last check-in time of the Ivanti Neurons for MDM devices.

Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.

Use Cases

Provide detailed profile information on all Jamf managed devices, including:

• Last Check-in date
• Device name
• Network information
• Warranty status, etc.
• The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)

Verify device compliance with JAMF policies by detecting:

• Missing or malfunctioning Jamf agents
• Jamf agents running out-of-date software versionsevices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed
• Identify the last logged-in device user

JumpCloud provides secure, frictionless device and identity management. This gives a fully integrated identity lifecycle with multi-factor authentication, mobile device management, patch management, and system insights across Apple, Windows, and Linux operating systems. The integration between Armis and JumpCloud helps with asset management for identification, analysis, and risk assessment purposes.

Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.

Use Cases

• Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
• Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
• Identify the last logged-in device user.

Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes.

Lmntrix provides continuous monitoring and on-demand analysis of your network, helping you to prevent cyber attacks. The integration between Armis and Lmntrix further enhances customer capabilities by leveraging asset management data as a data source.

• Device data enrichment.
• Full visibility of all Lmntrix managed device profile information, such as the Last check-in date, device name, network information, and status.
• Full visibility of the entire Lmntrix asset inventory.

Armis offers the following ManageEngine integrations:

ManageEngine – Endpoint Central

ManageEngine Endpoint Central is a Unified Endpoint Management (UEM) and security software that comprehensively addresses the requirements of IT administrators. It helps IT administrators to perform patch management, software deployment, OS deployment and take remote control to troubleshoot devices. And with the help of endpoint security features, which includes vulnerability assessment, application control, device control, BitLocker management and browser security, IT administrators can safeguard their network endpoints. Furthermore, Endpoint Central integrates seamlessly with ManageEngine and other third-party solutions.

Use Cases

Device data enrichment:

• Full visibility of all ManageEngine Endpoint Central managed devices
• Correlation of ManageEngine Endpoint Central managed devices with other data sources (such as Active Directory, WLCs).

Compliance:

• The state of ManageEngine Endpoint Central managed devices
• The scan status of the ManageEngine Endpoint Central managed devices
• The agent status of the ManageEngine Endpoint Central managed devices
• View the last time the device was seen

---

ManageEngine ServiceDesk

ServiceDesk Plus is a service management solution that combines IT service management, IT asset management, and CMDB with enterprise service management capabilities.

VIPR Pro supports bidirectional integration with ManageEngine ServiceDesk for: automating ticket generation with remediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

Mosyle is a leading solution designed to empower educational institutions and businesses with seamless device management, security, and productivity features. Developed primarily for Apple devices, including iPhones, TVs, and Mac computers, Mosyle provides a comprehensive platform to efficiently manage large fleets of devices while optimizing the end-user experience.

This integration collects information for different types of devices such as iOS, Mac, and tvOS from Mosyle. It uses the Mosyle Devices API endpoint to get the information.

Use Cases

Device data enrichment:

• Full visibility of different types of Mosyle devices.
• Additional data related to network interfaces associated with the devices.
• Correlation of Mosyle devices with other data sources (such as Active Directory, WLCs).
• View the last time the device was seen.

The integration between Armis and Nautobot helps customers with asset management as a data source for identification, network analysis, and risk-assessment purposes.

The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

Use Cases

• Provide detailed information on all NetBox related devices and correlate it with other data sources.

NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.

NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.

Use Cases

• Device data enrichment:
  • Full visibility of all NinjaOne-managed devices
  • Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)

Nutanix Prism is the control plane that simplifies and streamlines common workflows to make hypervisor and VM setup as easy as checking your email. This integration will fetch from the Prism API all information on the running VMs and Hosts in the environment.

Use Cases

• Provide detailed information on all Nutanix Prism-related devices and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory , as well as asset management ones.

Use Cases

Enrich existing Armis devices with data exposed by Nuvolo:

• Asset Tag
• Asset State
• Operation Status
• Owning Department
• Install Date
• Is Critical
• End of Support
• End of Life

Verify compliance with Nuvolo policies by detecting:

• Missing or malfunctioning Nuvolo agents
• Nuvolo agents running out-of-date software versions
• Devices that are not running a Nuvolo agent, such as:
  • Active Directory Computers or Corporate devices without a Nuvolo agent installed. Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.

• Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
• Identify the last logged-in device user.

Learn more about our integration with Nuvolo

Phosphorus is an asset inventory and patch-management tool in OT.

The Phosphorus integration enables Armis users to view, consume, and leverage basic asset profile data from Phosphorus.

Puppet is an open source software configuration management and deployment tool.

Use Cases

• Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications

Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.

Use Cases

• Device data enrichment:
  • Full visibility of all Quest KACE managed devices
  • Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)

Radia is Endpoint Manager software that provides a unified way for organizations to manage constellation of endpoints, including PCs, servers, smartphones, thin clients, and VDIs to industry-specific devices such as ATMs, POS devices, and medical devices, from a single-pane-of-glass console.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Red Hat Satellite is a powerful tool for IT admin for a business or school, to manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Red Hat Satellite

Armis offers the following Rockwell integrations:

Rockwell AssetCentre

Rockwell AssetCentre software is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information.

AssetCentre allows the organization to manage all existing Rockwell assets across the environment.

Armis integrates with AssetCentre to enrich existing devices with the info pulled from the AssetCentre server. Among the existing types of info that are available through the integration are:

• Identification of the Asset
• Enrichment of the Asset with basic profile fields such as network identifiers, model, and hostname

---

Rockwell Engineering Workstation (EWS)

Rockwell Automation is a provider of industrial automation and information technology.

Use Cases

• Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
• Provide enhanced information on slots and nested devices

Rockwell ThinManager is a centralized platform allowing the organization to easily manage all existing ThinClients across the environment.

Armis integrates with ThinManager by using its API and enriches existing devices by the info pulled from the ThinManager server. Among the existing types of info that are available through the integration are:

• Identifying an Asset as a ThinClient and pulling basic profile info such as network identifiers, model, and hostname.

Salt Security delivers deep context with real-time analytics and continuous insights for API discovery, attack prevention, and protection.

VIPR Pro integrates with Salt Security to ingest, normalize and contextualize Web application vulnerability and API security issues, as well as inventory Web application URLs discovered by Salt Security.

Use cases for the integration include:

• Prioritize Web application vulnerability findings based on contextualized risk and asset profiles
• Assign asset priority and risk score, and determine asset exposure for de-deduplicated scanned domain names
• Assign ownership for remediation fixes, and operationalize the remediation lifecycle

SaltStack, also known as Salt, is a configuration management and orchestration tool.

Use Cases

• Provide detailed information on all SaltStack related devices and correlate it with other data sources
• Retrieve the details about the operating system running on a device

Saviynt Enterprise Identity Cloud is a cloud identity and access governance platform.

Armis utilizes this integration to enrich the device inventory with device and application information.

Connect to an EcoStruxure Building Operation Enterprise Server

Armis offers the following ServiceNow integrations:

ServiceNow (Pull)

ServiceNow is a cloud-based software platform for IT Service Management (ITSM) that helps automate IT Business Management. It is designed based on ITIL guidelines to provide service orientation for tasks, activities, and processes.

Armis utilizes this integration to enrich the device inventory with device and user information.

Use Cases

• Retrieve detailed information on assets that are inventoried in ServiceNow
• Enrichment of existing Armis devices with data exposed by ServiceNow
• Identify assets discovered by Armis but not known to ServiceNow

---

ServiceNow Armis Security Incident

Import Armis Alerts as ServiceNow Security Incidents.

The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.

• Open tickets automatically for unmanaged, IoT, OT, medical device incidents
• Import Security Incidents in near real-time
• Triage, prioritize, and close Armis Alerts from ServiceNow
• Stop threats efficiently with policy-based enforcements Use Cases
• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and  update incidents for greater accuracy and efficiency.
• Import Armis Alerts as ServiceNow Security Incidents.
• Guided Setup and Embedded Help articles provide intuitive user experience.
• Integration Dashboards help contextualize and prioritize Armis Alerts.

---

ServiceNow CMDB

Armis sends device information to the ServiceNow CMDB.

---

ServiceNow Incident Integration

The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Use Cases

• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.

---

ServiceNow Ticketing

Armis sends alert information to the ServiceNow platform for incident workflow and remediation.

---

ServiceNow Vulnerability Response

Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems.  Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.

Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.

When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis discovered devices. Armis continuously and passively monitors in real time all network devices to ensure vulnerabilities are correctly matched giving you a complete up to date vulnerability profile for all devices on your network.

Use Cases

• ServiceNow Operational Technology (OT) Certified
• Compatible with ServiceNow OT VR
• Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
• Prioritize device vulnerabilities to aid remediation efforts
• Automatically close stale Vulnerabilities
• Cross customer data to provide increased threat intelligence
• Designed to be fully compatible with the Service Graph Connector for Armis
• Guided Setup helps you get up and running quickly
• Support your Operational Technology OT VR workflows alongside IT VR

---

Learn more about our integrations with ServiceNow

Snow Software Asset Management (Atlas) is a software inventory management tool that utilizes API Integrations and the Snow Agent to collect up-to-date software inventory.

Armis utilizes this integration to enrich the device inventory with device and application information.

Use Cases

• Retrieve detailed information on devices that are managed by Snow
• Enrichment of existing Armis devices with data exposed by Snow

Armis offers the following SolarWinds integrations:

SolarWinds Orion

SolarWinds Orion is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.

Use Cases

Device data enrichment:

• Full visibility of all the devices from SolarWinds Orion for the following:
  • Devices Managed as a Node
  • Cloud Instances for AWS and Azure Cloud Providers
  • Additional data related to the Server and Applications as well as Network Interfaces with Server
  • Application (SAM)/Server Configuration Monitor (SCM) modules of SolarWinds Orion
  • Correlation of SolarWinds Orion managed devices with other data sources (such as Active Directory, WLCs)

Compliance:

• The status of SolarWinds Orion managed devices
• The states of the Cloud managed devices
• View the last sync time of the devices

---

SolarWinds Web Helpdesk

SolarWinds Web Helpdesk helps you to automate the process of asset discovery, tracking, and reporting of your hardware and software assets. Assign an asset to a specific user and get a granular view of a computer’s hardware and software.

SOTI MobiControl is a Enterprise Mobility Management (EMM) solution that provides visibility and control over where your business-critical mobile devices are, what they’re doing, how they’re performing, and what security or compliance risks they’re facing.

Deploy apps to smartphones. Enroll and provision new tablets in the field. Track the location of rugged devices. Identify and neutralize security risks to the Internet of Things (IoT) endpoints. Protect critical data stored on mobile devices. Minimize device downtime so field workers stay productive.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

With Armis and Stellar Cyber working together, security teams have a powerful integrated solution that eliminates the time-consuming manual-intensive tasks associated with finding asset and device data related to any potential threat. When an Armis user deploys Stellar Cyber, this critical information can automatically be incorporated into Stellar Cyber Open XDR Platform, providing security analysts with all the context they need to determine the full scope of an attack and take decisive action.

Learn more about our integration with Stellar Cyber

Armis offers the following Symantec integrations:

Symantec Asset Management Suite (Altiris)

Symantec Asset Management Suite (formerly named Altiris) improves visibility into IT assets at every point in the lifecycle to reduce costs and fulfil compliance initiatives.

This integration collects information related to assets from the Symantec Asset Management instance. It uses the Database to get the information from the different tables available in the database.

Use Cases

Device data enrichment:

• Full visibility of all the devices from Symantec Asset Management
• Additional data related to network interfaces and the applications associated with the devices
• Correlation of Symantec Asset Management devices with other data sources (such as Active Directory, WLCs)
• View the last agent communication time of the devices

---

Symantec Endpoint Protection – Broadcom

Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.

Use Cases

• Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Armis offers the following Tanium integrations:

Tanium Asset

Tanium Asset provides a comprehensive inventory of hardware and software assets across your environment. This integration provides detailed profile information on all Tanium Asset devices.

Use Cases

• Enrichment of existing Armis devices with data exposed by Tanium Asset.
• Device identification and inventory of installed applications.
• User-to-Device association.

---

Tanium Comply

Tanium Comply conducts vulnerability and compliance assessments against operating systems, applications, software supply chain, and security configurations and policies.

The Tanium Comply integration imports CVE data (that is, asset vulnerabilities) about the assets that the associated Tanium Comply instance manages.

Use Case

• Integrate Tanium Comply CVE findings into Armis, prioritize them against other CVE findings in the organization, open tickets, and track their remediation process.

---

Tanium Discover

Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.

Use Cases

• Enrichment of existing Armis devices with data exposed by Tanium Discover.

Compliance

• Detection of unmanaged devices that are capable of being managed by Tanium. Detection of unmanageable devices.

---

Tanium Interact

The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.

Use Cases

• Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
• Compliance:
  • Detection of missing or malfunctioning Tanium Interact agents
  • Detection of Tanium Interact agents running out-of-date software versions
  • Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
  • Ability to view the last logged-in device user

The Vectra Platform provides AI-driven threat detection and response for hybrid and multi-cloud environments. Vectra leverages patented Security AI to pinpoint attacker methods, prioritize threats, and automate response controls. Using the Vectra Platform, you gain unified attack visibility, context across public clouds, SaaS, identities, networks, and endpoints, as well as controls to respond effectively immediately.

Use Cases

• Analyze security gaps – ensure Vectra covers all assets and understand the health of the Vectra platform
• Enrichment of existing Armis devices with data exposed by Vectra

Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.

Use Cases

• Retrieve detailed information on all Viakoo related devices
  • The information includes Service Date, Compliance Status, Priority, Availability, and more
  • The information is correlated with other data sources
• Use data exposed by Viakoo to create new devices in the Armis Platform

Learn more about our integration with Viakoo

Armis offers the following VMware integrations:

VMware Carbon Black

VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.

Use Cases

• Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
• Detect compliance of missing or malfunctioning Carbon Black Defense agents
• Detect Carbon Black Defense agents running out-of-date software versions
• Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
• Identify the last logged-in device user

---

VMware vCenter / ESXi

• Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

---

VMware Workspace ONE

VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Absolute is an endpoint security and data risk management company that provides software for visibility of devices and data and for security breach remediation.

Armis offers the following AWS integrations:

Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.

Use Cases

Device data enrichment:

• Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.

Compliance:

• Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).

---

AWS Security Hub

AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.

VIPR Pro ingests Security Hub findings and associates them with deduplicated cloud asset and resource profiles to automate prioritization based on security risk and business impact and operationalize the process of remediating critical findings.

Armis offers integrations with the following Aruba offerings:

Aruba Central

Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

---

Aruba ClearPass

Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.

Use Cases

• Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
• The retrieved information is correlated with other data sources
• Detect missing or malfunctioning agents
• Detect out-of-life or out-of-support agent versions
• Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass

---

Aruba Instant

Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

---

Aruba WLC

Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Use Cases

Device Enrichment – view, search and visualize:

• Access points & switches managed by Aruba WLC
• Wireless Clients
• Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
• Visibility: View current and historic wireless connections between devices and access points
• Define policies on abnormal connections
• Detect rogue access points

BigFix helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
• Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.

Armis offers the following Check Point integrations:

Check Point Harmony (Sandblast)

Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

Use Cases

• Device data enrichment
• Full visibility of all Check Point Harmony Endpoint managed devices
• Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)

Compliance

• The compliance status of Check Point Harmony Endpoint managed devices
• Isolation status of Check Point Harmony Endpoint managed devices
• View the groups in which the devices are located
• View the last time the device was accessed

---

Check Point IoT

Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.

Use Cases

• Analyze traffic logs.

• Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.

• Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.

Learn more about our integration with Check Point

Armis offers the following Cisco integrations:

Cisco ASA

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

---

Cisco Catalyst WLC

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

---

Cisco Cyber Vision

Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments

---

Cisco Digital Network Architecture (Cisco DNA)

Cisco Digital Network Architecture (Cisco DNA) software delivers automation, security, predictive monitoring, and a policy-driven approach.

VIPR Pro integrates with Cisco DNA to ingest, normalize and contextualize vulnerability and software update findings for Cisco networking devices (wireless controllers, SD WANs and routers, and switches), as well as inventory networking assets discovered by Cisco DNA.

Use cases for the integration include:

• Prioritize network operating system and software findings based on contextualized risk and asset profiles
• Group related findings based on common fix (such as operating system update or identified vulnerability)
• Assign asset priority and risk score, and determine asset exposure for de-deduplicated network devices
• Assign ownership for remediation fixes, and operationalize the remediation lifecycle

---

Cisco DNA Center

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.

Use Cases

• Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
• Enrichment of existing Armis devices with data exposed by Cisco DNA Center

---

Cisco ISE PxGrid

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

Learn more about our integration with Cisco ISE

---

Cisco Secure Endpoint

Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.

---

Cisco Secure Workload

Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.

This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco UCS

The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.

This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco Umbrella

Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.

The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.

---

Cisco Vulnerability Management (Formerly Kenna)

Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.

Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.

Users can apply Armis Standard Query ASQ filters when fetching device information.

The integration requires an Armis Asset Vulnerability Management (AVM) license.

Cloud-to-cloud integration gives you visibility into the devices and software on your network, connections between devices, and services being used.

Learn more about our integration with Cisco Meraki

Device42 ITSM system provides comprehensive IT asset management capabilities, including powerful asset auto–discovery and configurable asset types to completely document all IT assets across your infrastructure deployment.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Device42.

Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.

This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.

Use Cases

• Device data enrichment:
  • Full visibility of all Dynatrace OneAgent-managed devices.
  • Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).

Compliance

• The State of Dynatrace OneAgent-managed devices.
• Monitoring Mode of the Dynatrace OneAgent-monitored devices.
• View the last time the device was seen.

EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.

Eseye is a product that enables connecting IoT devices to the cellular network using a SIM that is plug-and-play and allows moving devices anywhere while having them communicate with the Internet seamlessly.

Use Cases

• Discover and display insights of any Eseye connected IoT device

Learn more about our integration with Eseye

Armis offers the following Extreme Networks integrations:

Extreme CloudiQ

ExtremeCloud IQ is an industry-leading approach to cloud-driven networking, designed to take full advantage of Extreme’s end-to-end networking solutions. It delivers unified, full-stack management of access points, switches, and SD-WAN. ExtremeCloud IQ uses innovative ML technologies to analyze and interpret millions of network and user data points, from the edge to the data center, to power actionable business and IT insights. This innovative platform streamlines operations by delivering new levels of network automation and intelligence.

Use Cases

Device data enrichment:

• Full visibility of all ExtremeCloud IQ devices and its associated clients.
• Correlation of ExtremeCloud IQ clients and devices with other data sources (such as Active Directory, and WLCs).

Compliance:

• The number of clients connected to the device.
• Location of the assets.
• View the last time the device was seen.

---

Extreme WLC

Extreme Networks Wireless LAN Controller (WLC) gives the network administrators the ability to see all the data and information linked to the network. They are able to observe on the device the hardware status, the situation of the physical ports, and a summary of the Access Points (APs) connected anytime they want.

Armis offers the following Flexera integrations:

Flexera One

Flexera provides SaaS-based IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.

The integration retrieves detailed information on Flexera managed devices. The retrieved information is correlated with other data sources.

---

Flexera Spider

Flexera Spider provides IT management solutions that improve enterprise control and management of IT assets, reduce ongoing software costs, and ensure license compliance.

Armis utilizes this integration to enrich the device inventory with information received from Flexera Spider.

Armis offers the following Google integrations:

Google Chronicle

Chronicle is a cybersecurity telemetry platform for threat hunting, and threat intelligence and is part of the Google Cloud Platform. Chronicle stores log events it receives in two formats: either as the original raw log or structured Unified Data Model (UDM) log. There are two critical elements to consider for parsing, Unified Data Model (UDM) which defines the schema for parsing, and Configuration Based Normalizers (CBN) which describes how to log data is transformed to the UDM schema.

Chronicle Integration for Armis:
The Chronicle integration for Armis enables the transfer and parsing of Armis Alerts, Activities, Devices, and Vulnerabilities in the Chronicle. These parsed events can be utilized for search, reporting, and visualization workflows.

The ingestion script ingests the following 4 types of event categories:

• Armis Alerts
• Armis Activities
• Armis Devices
• Armis Vulnerabilities

---

Google Cloud Platform (GCP)

GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.

Use Cases

• Retrieve information on GCP related devices, including their identification and operating system details.

---

Google Endpoint Manager – ChromeOS

Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.

The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Google Project Zero

Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

---

Google Security Operations SOAR

Armis and Google Security Operations SOAR enable organizations to take action automatically to protect critical information and systems.

The HP WLC (Wireless Controller) delivers high-performance traffic and data routing, Dynamic Segmentation, role-based access, and other functionality for network access, security, and resiliency across WLAN, LAN, and SD-WAN. The integration with HP WLC allows Armis to ingest information about the wireless networks managed by HP WLC, including the network infrastructure equipment and the clients (endpoints) connected to the network.

Use Cases

• Provide detailed information on HP WLC equipment, including its identification and profile
• Collect information on HP WLC-managed Access Points (APs)
• Fetch detailed information on Clients (endpoints) that connect to Access Points.
• Monitor and analyze wireless connections by viewing time and duration of each connection between an endpoint and an AP
• Map which endpoints are connected to which APs in the network

Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security mode to segment network traffic and prevents lateral movement of cyber threats within an organization’s network.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Illumio.

Armis offers the following Ivanti integrations:

Ivanti Endpoint Management (Landesk)

Ivanti Endpoint Management (EPM) provides complete visibility across the endpoints, including Windows and Linux PCs, servers, and laptops and proactively secures and heals devices with AI-powered automation.

Ivanti Endpoint Management provides information on all client devices, including Windows, macOS and Linux. It supports enterprises with device management, featuring remote control and problem resolution, monitoring and alerting, inventory discovery, license management, and more.

Use Cases

• Device data enrichment: Full visibility of all Ivanti EPM-managed PCs, laptops, and servers.
• View the last inventory scan time of devices.
• View the last login time of devices.

---

Ivanti Neurons for MDM

Ivanti Neurons for MDM offers a robust mobile device management (MDM) solution designed to assist organizations in administering and safeguarding various mobile devices, such as smartphones, tablets, and computers. This unified management platform is compatible with a range of operating systems, including iOS, Android, macOS, ChromeOS, and Windows, allowing for seamless device management across diverse ecosystems.

Use Cases

Device data enrichment:

• Full visibility of all Ivanti Neurons for MDM devices.
• Correlation of Ivanti Neurons for MDM devices with other data sources (such as Active Directory and WLCs).
• Data related to network interfaces associated with the devices.
• Additional data related to applications associated with the devices.

User data enrichment:

• Full visibility of all Ivanti Neurons for MDM users.

Compliance:

• View the last check-in time of the Ivanti Neurons for MDM devices.

Jamf is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.

Use Cases

Provide detailed profile information on all Jamf managed devices, including:

• Last Check-in date
• Device name
• Network information
• Warranty status, etc.
• The information is correlated with other data sources (such as Crowdstrike, FireEye, etc.)

Verify device compliance with JAMF policies by detecting:

• Missing or malfunctioning Jamf agents
• Jamf agents running out-of-date software versionsevices that are not running a Jamf agent, such as Macbooks running CrowdStrike without a Jamf agent installed
• Identify the last logged-in device user

Kaseya VSA is an integrated IT systems management platform for remote monitoring, remote control, and patch management.

Use Cases

• Provide detailed profile information on all Kaseya VSA managed devices, such as Last Check-in date, Device name, network information, etc. The information is correlated with other data sources.
• Verify device compliance with Kaseya VSA policies by detecting: Missing or malfunctioning Kaseya VSA agents, Kaseya VSA agents running out-of-date software versions, devices that are not running a Kaseya VSA agent.
• Identify the last logged-in device user.

Malwarebytes cloud-delivered endpoint detection and response (EDR), workload protection, by detection and protection against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.

Use Case

• Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

The integration between Armis and NetBox helps customers with asset management as a data source for identification, network analysis and risk assessment purposes.

Use Cases

• Provide detailed information on all NetBox related devices and correlate it with other data sources.

NetBrain is an adaptive network automation platform, integrating with hardware, software, virtualization and SDN vendors to provide end-to-end network visibility.

Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.

Use Cases

• Identify network equipment
• Retrieve ARP tables

NinjaOne is a unified RMM (Remote Monitoring and Management) solution that allows MSPs and IT departments to automate, manage, and remediate all their endpoint management tasks.

Use Cases

• Device data enrichment:
  • Full visibility of all NinjaOne-managed devices
  • Correlation of NinjaOne-managed devices with other data sources (such as Active Directory, WLCs)

Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.

Use Cases

• Provide detailed device information and correlate it with other data sources
• Retrieve and collect user data
• Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory

The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.

Puppet is an open source software configuration management and deployment tool.

Use Cases

• Retrieve information on Puppet related devices, including their identification, operating system details, and installed applications

Quest KACE Endpoint Systems Management Appliances provide, manage, secure, and service network-connected devices. It provides automated endpoint-related administrative tasks, inventory of all hardware and software, patch management software for mission-critical applications and operating systems, reduced risk of a breach and guaranteed software license compliance.

Use Cases

• Device data enrichment:
  • Full visibility of all Quest KACE managed devices
  • Correlation of Quest KACE managed devices with other data sources (such as Active Directory, WLCs)

Red Hat Satellite is a powerful tool for IT admin for a business or school, to manage their organization’s Red Hat devices from their Satellite console. With this feature, the IT admin can enforce policies, set up Red Hat features for users, provide access to internal VPNs and Wi-Fi networks, and enforce the installation of apps and extensions.

Use Cases

• Device data enrichment
• Enrichment of existing Armis devices with data exposed by Red Hat Satellite

Armis offers the following Rockwell integrations:

Rockwell AssetCentre

Rockwell AssetCentre software is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information.

AssetCentre allows the organization to manage all existing Rockwell assets across the environment.

Armis integrates with AssetCentre to enrich existing devices with the info pulled from the AssetCentre server. Among the existing types of info that are available through the integration are:

• Identification of the Asset
• Enrichment of the Asset with basic profile fields such as network identifiers, model, and hostname

---

Rockwell Engineering Workstation (EWS)

Rockwell Automation is a provider of industrial automation and information technology.

Use Cases

• Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
• Provide enhanced information on slots and nested devices

SaltStack, also known as Salt, is a configuration management and orchestration tool.

Use Cases

• Provide detailed information on all SaltStack related devices and correlate it with other data sources
• Retrieve the details about the operating system running on a device

Armis offers the following ServiceNow integrations:

ServiceNow (Pull)

ServiceNow is a cloud-based software platform for IT Service Management (ITSM) that helps automate IT Business Management. It is designed based on ITIL guidelines to provide service orientation for tasks, activities, and processes.

Armis utilizes this integration to enrich the device inventory with device and user information.

Use Cases

• Retrieve detailed information on assets that are inventoried in ServiceNow
• Enrichment of existing Armis devices with data exposed by ServiceNow
• Identify assets discovered by Armis but not known to ServiceNow

---

ServiceNow Armis Security Incident

Import Armis Alerts as ServiceNow Security Incidents.

The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Tickets opened by the Armis platform include comprehensive device and incident details such as the device type, classification, threats, vulnerabilities, and more.

• Open tickets automatically for unmanaged, IoT, OT, medical device incidents
• Import Security Incidents in near real-time
• Triage, prioritize, and close Armis Alerts from ServiceNow
• Stop threats efficiently with policy-based enforcements Use Cases
• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and  update incidents for greater accuracy and efficiency.
• Import Armis Alerts as ServiceNow Security Incidents.
• Guided Setup and Embedded Help articles provide intuitive user experience.
• Integration Dashboards help contextualize and prioritize Armis Alerts.

---

ServiceNow CMDB

Armis sends device information to the ServiceNow CMDB.

---

ServiceNow Incident Integration

The Armis Incident Integration opens an incident in ServiceNow automatically. The Armis platform’s cloud-based threat detection engine uses machine learning and artificial intelligence to detect when a device is operating outside of its normal known-good baseline. Deviations could indicate device misconfigurations, policy violations, abnormal behavior such as inappropriate connection requests or unusual software running on a device, or threats that indicate a device has been compromised.

Use Cases

• Identify and mitigate risks of all devices automatically as they connect to your network, including unmanaged, IT, IoT, OT/ICS, and medical devices
• Receive additional and contextual information about devices and events from the Armis platform
• Leverage policy-based actions in the Armis platform to remediate threats and to update incidents for greater accuracy and efficiency.

---

ServiceNow Ticketing

Armis sends alert information to the ServiceNow platform for incident workflow and remediation.

---

ServiceNow Vulnerability Response

Import Armis Device Vulnerabilities into ServiceNow
Armis is the first agentless, passive, enterprise-class security platform to address the new threat landscape of managed, unmanaged and IoT devices. It discovers every asset in your environment, analyzes device behavior to identify risks or attacks, and protects your critical business information and systems.  Together, Armis and ServiceNow provide a unified asset management solution for any managed, unmanaged, IoT, medical, and manufacturing/OT device.

Continuous, Reliable Device Visibility
Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there–and what’s not.

When integrated with the ServiceNow Vulnerability Response Module, the Armis platform ensures that ServiceNow always has the latest vulnerabilities matched to Armis discovered devices. Armis continuously and passively monitors in real time all network devices to ensure vulnerabilities are correctly matched giving you a complete up to date vulnerability profile for all devices on your network.

Use Cases

• ServiceNow Operational Technology (OT) Certified
• Compatible with ServiceNow OT VR
• Real-time discovery against your full device inventory, including OT, IoT, and unmanaged devices.
• Prioritize device vulnerabilities to aid remediation efforts
• Automatically close stale Vulnerabilities
• Cross customer data to provide increased threat intelligence
• Designed to be fully compatible with the Service Graph Connector for Armis
• Guided Setup helps you get up and running quickly
• Support your Operational Technology OT VR workflows alongside IT VR

---

Learn more about our integrations with ServiceNow

Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.

The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS managers. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data a complete picture of the Operational Technology (OT) and Industrial Control Systems (ICS) environment is now possible.

Use Cases

• Fast enrichment of Siemens devices using Siemens Software Engineering files
• Full inventory information enrichment of existing devices-profile, modules information, etc.
• Creation of nested devices not visible to Armis through traffic inspection

Use Cases

• Inspect traffic
• Monitor activities
• Track connections
• Provide relevant data for accurate device identification
• Assist in user association

Viakoo is an IoT Systems Management platform that provides capabilities like password rotation, firmware update and certificate rotation for IoT devices.

Use Cases

• Retrieve detailed information on all Viakoo related devices
  • The information includes Service Date, Compliance Status, Priority, Availability, and more
  • The information is correlated with other data sources
• Use data exposed by Viakoo to create new devices in the Armis Platform

Learn more about our integration with Viakoo

Armis offers the following VMware integrations:

VMware Carbon Black

VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.

Use Cases

• Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
• Detect compliance of missing or malfunctioning Carbon Black Defense agents
• Detect Carbon Black Defense agents running out-of-date software versions
• Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
• Identify the last logged-in device user

---

VMware vCenter / ESXi

• Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

---

VMware Workspace ONE

VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Retrieve detailed information on cloud resources that are seen by Wiz
• Enrichment of existing Armis devices with data exposed by Wiz

Armis and Zscaler integrate to retrieve detailed information about Zscaler-managed devices, users, and network traffic, and correlate it with other sources.

The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.

Use Case

Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.

These complementary abilities enable the following—and more:

• Automatic enforcement of endpoint-agent coverage
• Faster threat mitigation and threat remediation
• Reducing risks through orchestrated vulnerability response and vulnerability remediation

Amazon Security Lake automatically centralizes security data from AWS environments, SaaS providers, on premises, and cloud sources into a purpose-built data lake stored in AWS customer accounts.

The Armis integration with Amazon Security Lake enables customers to seamlessly ingest and analyze security data from Armis within their AWS environment. The integration with Amazon Security Lake enhances the security operations of AWS customers and helps to safeguard your cloud infrastructure through extended visibility into connected devices and associated security findings.

The Armis integration transforms Armis data about device and alert properties into the Open Cybersecurity Schema Framework (OCSF) format, including device risk scores and finding severity.

Armis offers the following AWS integrations:

Amazon Web Services (AWS) integration supports a broad set of global cloud-based products, such as EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.

Use Cases

Device data enrichment:

• Full visibility of all AWS resources in the Armis Platform and correlation of their details with other data sources.

Compliance:

• Detection of devices missing EDR or vulnerability scans (when integrating with an additional vulnerability scan integration).

---

AWS Security Hub

AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.

VIPR Pro ingests Security Hub findings and associates them with deduplicated cloud asset and resource profiles to automate prioritization based on security risk and business impact and operationalize the process of remediating critical findings.

Lacework provides data-driven cloud security at scale.

VIPR Pro ingests, normalizes and deduplicates Lacework workload, cloud service, cloud infrastructure, container and image vulnerability, run-time and misconfigurations alerts to automate prioritization of findings based on security risk and enriched asset profiles, and operationalize the remediation lifecycle with automated ownership assignment.

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.

Use Cases

• Enrichment of existing Armis devices with data exposed by Netskope.

The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.

Orca Security secures enterprise multi-cloud environments at scale.

VIPR Pro ingests Orca findings, enriches prioritization based on asset profile, business risk weighting and root cause analysis, and operationalizes the cloud security remediation lifecycle – from Wiz findings to ownership assignment, remediation status and trend reporting.

Armis offers the following Palo Alto Networks integrations:

Palo Alto Cortex XDR

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Palo Alto Networks GlobalProtect

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

---

Palo Alto Networks List Management

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

---

Palo Alto Networks Panorama

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

---

Palo Alto Prisma Access

Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.

Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.

Prisma Access has to be configured to send HIP reports to Panorama for this to work.

---

Palo Alto Prisma Cloud

Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP

Wiz is a cloud security posture management (CSPM) and cloud workload protection platform that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Retrieve detailed information on cloud resources that are seen by Wiz
• Enrichment of existing Armis devices with data exposed by Wiz

Freshservice is the intelligent service management solution.

VIPR Pro supports bidrectional integration with Freshservice for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.

Linear is an issue tracking and project management tool for companies to build their products better.

VIPR Pro supports bidrectional integration with ManageEngine ServiceDesk for: automating ticket generation with renmediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.

Armis offers the following ManageEngine integrations:

ManageEngine – Endpoint Central

ManageEngine Endpoint Central is a Unified Endpoint Management (UEM) and security software that comprehensively addresses the requirements of IT administrators. It helps IT administrators to perform patch management, software deployment, OS deployment and take remote control to troubleshoot devices. And with the help of endpoint security features, which includes vulnerability assessment, application control, device control, BitLocker management and browser security, IT administrators can safeguard their network endpoints. Furthermore, Endpoint Central integrates seamlessly with ManageEngine and other third-party solutions.

Use Cases

Device data enrichment:

• Full visibility of all ManageEngine Endpoint Central managed devices
• Correlation of ManageEngine Endpoint Central managed devices with other data sources (such as Active Directory, WLCs).

Compliance:

• The state of ManageEngine Endpoint Central managed devices
• The scan status of the ManageEngine Endpoint Central managed devices
• The agent status of the ManageEngine Endpoint Central managed devices
• View the last time the device was seen

---

ManageEngine ServiceDesk

ServiceDesk Plus is a service management solution that combines IT service management, IT asset management, and CMDB with enterprise service management capabilities.

VIPR Pro supports bidirectional integration with ManageEngine ServiceDesk for: automating ticket generation with remediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.

Slack is a cloud-based team communication platform.

VIPR Pro supports bidirectional integration with Slack to: faciliate communication between security teams and remediation stakeholders; operationalize remediation actions and workflows.

Zendesk provides software-as-a-service products related to customer support, sales, and other customer communications.

VIPR Pro supports bidrectional integration with Zendesk: automating ticket generation with remediation guidance for assigned remediation tasks; tracking and monitoring of remediation task status; facilitating collaboration between security teams and remediation owners.

Checkmarx streamlines organizations’ DevSecOps, enabling organizations to identify and remediate vulnerabilities.

VIPR Pro ingests, normalizes, deduplicates and contextualizes Checkmarx application security and code package vulnerability alerts to: prioritize findings based on security risk, exploitability and business impact; operationalize remediation workflows for application security and developer teams.

CircleCI is a continuous integration and continuous delivery platform that can be used to implement DevOps practices.

VIPR Pro integrates with CircleCI to: inventory code repository assets; monitor and track CI/CD activity to understand ownership and responsibility for code assets; augment organizational structure mapping with asset ownership information.

Cycode delivers a complete Application Security Posture Management (ASPM) platform.

VIPR Pro integrates with Cycode to ingest, normalize,deduplicate and correlate Application Security Posture Management findings for prioritization and remediation.

Armis offers the following GitHub integrations:

GitHub is a developer platform that allows developers to create, store, manage and share their code.

VIPR Pro integrates with GitHub to: inventory code repository assets; discover GitHub users for organizational structure mappings and automate code ownership assignment; identify and incorporate code snippets as part of the remediation workflows.

---

GitHub Enterprise

GitHub Enterprise Server is a self-hosted platform for software development within organizations.

VIPR Pro integrates with GitHub Enterprise to: inventory code repository assets; discover GitHub users for organizational structure mappings and automate code ownership assignment; maintain association between vulnerability findings and images; identify and incorporate code snippets as part of the remediation workflows; ingest and normalize Dependabot findings.

GitLab helps companies manage the growing complexities of developing, securing, and deploying software.

VIPR Pro integrates with GitLab to: inventory code repository assets; discover gGtLab users for organizational structure mappings and automate code ownership assignment; maintain assoictaion between vulnerability findings and images; identify and incorporate code snippets as part of the remediation workflows.

Invicti’s DAST, SCA and IAST solution helps customers to better secure and ultimately reduce risk across their web applications and APIs.

VIPR Pro integrates with Invicti (formerly known as Netsparker) to ingest, normalize and contextualize Web application vulnerabilities for prioritization and remediation, ingest scanned domain asset data, and asset and findings labels.

Use cases for the integration include:

• Normalize and deduplicate alerts from Invicti to generate Web Application findings for Configuration Change and Software Update remediations
• Ingest finding and asset labels from Invicti findings to inform prioritization assessment and remediation ownership rules
• Enrich scanned domain name asset profiles with additional properties provided by Invicti

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

Semgrep guides developers towards secure by default practices.

VIPR Pro ingests, normalizes and deduplicates code vulnerability and application security issues alerts generated by Semgrep to: prioritize findings based on contextualized risk and asset profiles, assign ownership for remediation fixes, and associate code snippets through automated ticketing task generation and tracking.

Snyk is a developer security platform.

VIPR Pro ingests, normalizes and deduplicates code package and container vulnerability alerts generated by Snyk to prioritize findings based on contextualized risk and asset profiles, assign ownership for remediation fixes, and associate code snippets through automated ticketing task generation and tracking.

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells.

VIPR Pro utilizes this integration to ingest alerts for Infrastructure as Code misconfigurations and code security issues, as well as asset-related data for inventorying code repositories. Use cases for the integration include:

• Normalize and deduplicate SonarQube alerts from to generate IaC misconfigurations findings
• Enrich code repository profiles with asset data provided by SonarQube
• Contextualize and prioritize IaC misconfiguration findings with asset priority scores based on SonarQube data
• Associate code snippets from SonarQube IaC alerts with findings to provide remediation owners with actionable and specific fix guidance.

Veracode helps developers build and scale secure software from code to cloud with speed and trust.

VIPR Pro ingests, normalizes, deduplicates and contextualizes Veracode application security and code package vulnerability alerts to: prioritize findings based on security risk, exploitability and business impact; operationalize remediation workflows for application security and developer teams.

BlueCat DDI is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DDI server allows Armis to extract those leases in order to enrich the ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, obtain the utmost accuracy when associating devices with traffic and other relevant data.
• Retrieve detailed information on all BlueCat DHCP resources and correlate it with other data sources.

EfficientIP SOLIDserver DDI provides solutions for managing and securing Internet Protocols (IP) and Internet of Things (IoT) devices. Its products and services are designed to help organizations optimize their network infrastructure, improve security, and increase efficiency. Integrating with the EfficientIP SOLIDserver DDI enables Armis to extract leases and enrich the ARP table (the matching of IP addresses to MAC addresses) to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Real-time understanding of the assignment of IP addresses to devices and, as a result, additional accuracy when associating devices with traffic and other relevant data. Identify the name of the devices that have DHCP leases.

Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.

Use Cases

• Provide information on all Infoblox DDI related devices and correlate it with other data sources.
• Verify device compliance with Infoblox DDI policies:
  • Detect devices missing vulnerability scans and patches
  • Detect unmanaged devices
  • Use correlation with other data sources to detect vulnerable software
• Verify user privileges

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

Armis offers the following Palo Alto Networks integrations:

Palo Alto Cortex XDR

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Palo Alto Networks GlobalProtect

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

---

Palo Alto Networks List Management

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

---

Palo Alto Networks Panorama

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

---

Palo Alto Prisma Access

Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.

Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.

Prisma Access has to be configured to send HIP reports to Panorama for this to work.

---

Palo Alto Prisma Cloud

Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP

BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.

Use Cases

Retrieve detailed information on CylancePROTECT managed devices.

• The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.

Verify compliance with CylancePROTECT security policies by discovering the following:

• Missing or malfunctioning CylancePROTECT agents
• CylancePROTECT agents running out-of-date software versions
• Devices that are not running a CylancePROTECT agent
• Identify the last logged-in device user

Armis offers the following Check Point integrations:

Check Point Harmony (Sandblast)

Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

Use Cases

• Device data enrichment
• Full visibility of all Check Point Harmony Endpoint managed devices
• Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)

Compliance

• The compliance status of Check Point Harmony Endpoint managed devices
• Isolation status of Check Point Harmony Endpoint managed devices
• View the groups in which the devices are located
• View the last time the device was accessed

---

Check Point IoT

Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.

Use Cases

• Analyze traffic logs.

• Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.

• Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.

Learn more about our integration with Check Point

Armis offers the following Cisco integrations:

Cisco ASA

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

---

Cisco Catalyst WLC

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

---

Cisco Cyber Vision

Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments

---

Cisco Digital Network Architecture (Cisco DNA)

Cisco Digital Network Architecture (Cisco DNA) software delivers automation, security, predictive monitoring, and a policy-driven approach.

VIPR Pro integrates with Cisco DNA to ingest, normalize and contextualize vulnerability and software update findings for Cisco networking devices (wireless controllers, SD WANs and routers, and switches), as well as inventory networking assets discovered by Cisco DNA.

Use cases for the integration include:

• Prioritize network operating system and software findings based on contextualized risk and asset profiles
• Group related findings based on common fix (such as operating system update or identified vulnerability)
• Assign asset priority and risk score, and determine asset exposure for de-deduplicated network devices
• Assign ownership for remediation fixes, and operationalize the remediation lifecycle

---

Cisco DNA Center

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.

Use Cases

• Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
• Enrichment of existing Armis devices with data exposed by Cisco DNA Center

---

Cisco ISE PxGrid

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

Learn more about our integration with Cisco ISE

---

Cisco Secure Endpoint

Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.

---

Cisco Secure Workload

Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.

This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco UCS

The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.

This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco Umbrella

Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.

The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.

---

Cisco Vulnerability Management (Formerly Kenna)

Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.

Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.

Users can apply Armis Standard Query ASQ filters when fetching device information.

The integration requires an Armis Asset Vulnerability Management (AVM) license.

CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.

Use Cases

Retrieve detailed information on CrowdStrike managed devices.

• The retrieved information is correlated with other data sources.

Verify compliance with CrowdStrike security policies by discovering the following:

• Missing or malfunctioning CrowdStrike agents
• CrowdStrike agents running out-of-date software versions
• Devices that are not running a CrowdStrike agent
• Identify the last logged-in device user

Learn more about our integration with CrowdStrike

Cybereason EDR provides comprehensive threat protection by continuously monitoring and analyzing activities to detect and neutralize ransomware, malware, fileless attacks, and in-memory threats.

Use Cases

Sensors data enrichment:

• Full visibility of all Cybereason EDR sensors.
• Correlation of Cybereason EDR sensors with other data sources (such as Active Directory, WLCs).
• Additional data related to network interfaces associated with the sensors.

Compliance:

• The First Seen and the Last Seen times of the Cybereason EDR sensors.

Malwarebytes cloud-delivered endpoint detection and response (EDR), workload protection, by detection and protection against ransomware, malware, trojans, viruses, brute force attacks and “zero-day” unknown threats that other EDR tools don’t catch.

Use Case

• Retrieve detailed information on Malwarebytes managed devices. The retrieved information is correlated with other data sources.

McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.

Use Cases

• Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

Armis offers the following Palo Alto Networks integrations:

Palo Alto Cortex XDR

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Palo Alto Networks GlobalProtect

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

---

Palo Alto Networks List Management

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

---

Palo Alto Networks Panorama

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

---

Palo Alto Prisma Access

Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.

Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.

Prisma Access has to be configured to send HIP reports to Panorama for this to work.

---

Palo Alto Prisma Cloud

Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP

The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.

Use Case

• Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
• Verify device compliance with Sentinel One policies by detecting:
  • Missing or malfunctioning Sentinel One agents
  • Sentinel One agents running out-of-date software versions
  • Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
  • Identify the last logged-in device user

Learn more about our integration with SentinelOne

Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.

The integration retrieves detailed information on Sophos Intercept X managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Armis offers the following Symantec integrations:

Symantec Asset Management Suite (Altiris)

Symantec Asset Management Suite (formerly named Altiris) improves visibility into IT assets at every point in the lifecycle to reduce costs and fulfil compliance initiatives.

This integration collects information related to assets from the Symantec Asset Management instance. It uses the Database to get the information from the different tables available in the database.

Use Cases

Device data enrichment:

• Full visibility of all the devices from Symantec Asset Management
• Additional data related to network interfaces and the applications associated with the devices
• Correlation of Symantec Asset Management devices with other data sources (such as Active Directory, WLCs)
• View the last agent communication time of the devices

---

Symantec Endpoint Protection – Broadcom

Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.

Use Cases

• Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Taegis XDR (formerly Secureworks Red Cloak Threat Detection & Response) is a threat-intelligence-based security analytics platform with built-in security context developed by Secureworks, a cybersecurity company. It offers advanced threat detection, investigation, and response capabilities across multiple endpoints, networks and cloud environments.

Use Cases

Endpoints data enrichment:

• Full visibility of all Taegis XDR endpoints.
• Correlation of Taegis XDR endpoints with other data sources (such as Active Directory, WLCs).
• Additional data related to Network Interfaces associated with the Endpoints.

Compliance:

• The Creation Time and the Last Seen Time of the Taegis XDR endpoints.

Armis offers the following Trellix integrations:

Trellix FireEye Endpoint Protection

Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.

Use Cases

• Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
• Verify compliance with FireEye security policies by discovering the following:
  • Missing or malfunctioning FireEye agents
  • FireEye agents running out-of-date software versions
  • Devices that are not running a FireEye agent
  • Identify the last logged-in device user

---

Trellix Helix (FireEye)

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis offers the following Trend Micro integrations:

Trend Micro Apex One

Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.

The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Trend Micro Cloud One

Utilize the Armis Trend Micro Deep Security Integration with the URL from your region described here https://cloudone.trendmicro.com/docs/identity-and-account-management/c1-regions/

Example for the US:  https://workload.us-1.cloudone.trendmicro.com/

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Trend Micro Deep Security

Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Armis offers the following VMware integrations:

VMware Carbon Black

VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.

Use Cases

• Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
• Detect compliance of missing or malfunctioning Carbon Black Defense agents
• Detect Carbon Black Defense agents running out-of-date software versions
• Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
• Identify the last logged-in device user

---

VMware vCenter / ESXi

• Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

---

VMware Workspace ONE

VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

VIPR Pro integrates with Zimperium Mobile Threat Detection, which is designed to protect corporate-owned and/or BYOD (bring-your-own-device) from advanced persistent threats across four categories: device, network, phishing, and app attacks.

VIPR Pro utilizes this integration with Zimperium Mobile Threat Detection to ingest alerts for mobile device and app security for Android, Apple iOS and Chrome endpoints issues, as well as asset-related data for mobile devices.

Use cases for the integration include:

• Normalize and deduplicate alerts from Zimperium to generate Configuration Change remediation findings
• Enrich mobile device profiles with asset data provided by Zimperium
• Associate mobile security findings with MITRE Att&ck Framework Techniques

Armis offers integrations with the following Aruba offerings:

Aruba Central

Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

---

Aruba ClearPass

Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.

Use Cases

• Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
• The retrieved information is correlated with other data sources
• Detect missing or malfunctioning agents
• Detect out-of-life or out-of-support agent versions
• Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass

---

Aruba Instant

Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

---

Aruba WLC

Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Use Cases

Device Enrichment – view, search and visualize:

• Access points & switches managed by Aruba WLC
• Wireless Clients
• Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
• Visibility: View current and historic wireless connections between devices and access points
• Define policies on abnormal connections
• Detect rogue access points

Armis offers the following Cisco integrations:

Cisco ASA

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

---

Cisco Catalyst WLC

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

---

Cisco Cyber Vision

Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments

---

Cisco Digital Network Architecture (Cisco DNA)

Cisco Digital Network Architecture (Cisco DNA) software delivers automation, security, predictive monitoring, and a policy-driven approach.

VIPR Pro integrates with Cisco DNA to ingest, normalize and contextualize vulnerability and software update findings for Cisco networking devices (wireless controllers, SD WANs and routers, and switches), as well as inventory networking assets discovered by Cisco DNA.

Use cases for the integration include:

• Prioritize network operating system and software findings based on contextualized risk and asset profiles
• Group related findings based on common fix (such as operating system update or identified vulnerability)
• Assign asset priority and risk score, and determine asset exposure for de-deduplicated network devices
• Assign ownership for remediation fixes, and operationalize the remediation lifecycle

---

Cisco DNA Center

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.

Use Cases

• Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
• Enrichment of existing Armis devices with data exposed by Cisco DNA Center

---

Cisco ISE PxGrid

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

Learn more about our integration with Cisco ISE

---

Cisco Secure Endpoint

Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.

---

Cisco Secure Workload

Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.

This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco UCS

The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.

This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco Umbrella

Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.

The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.

---

Cisco Vulnerability Management (Formerly Kenna)

Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.

Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.

Users can apply Armis Standard Query ASQ filters when fetching device information.

The integration requires an Armis Asset Vulnerability Management (AVM) license.

Dynatrace is a software intelligence and infrastructure monitoring platform that simplifies enterprise cloud complexity and accelerates digital transformation. Dynatrace seamlessly brings infrastructure and cloud, application performance, and digital experience monitoring into an all-in-one, automated solution that’s powered by artificial intelligence.

This integration fetches useful information from the OneAgent-managed devices. Dynatrace OneAgent is essentially one binary file comprising a set of specialized services that have been configured specifically for your monitoring environment. These services collect metrics on various aspects of your hosts, including hardware, operating system, and application processes.

Use Cases

• Device data enrichment:
  • Full visibility of all Dynatrace OneAgent-managed devices.
  • Correlation of Dynatrace OneAgent-managed devices with other data sources (such as Active Directory, WLCs).

Compliance

• The State of Dynatrace OneAgent-managed devices.
• Monitoring Mode of the Dynatrace OneAgent-monitored devices.
• View the last time the device was seen.

This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.

Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.

The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.

The Armis Enterprise Workflow Automation (EWA) module uses Torq to boost security operations and threat response by turning manual security processes into automated workflows. Torq’s no-code automation enables building workflows to reduce alert fatigue, improve incident response time, and automate manual, repetitive processes.

Use Case

Together, Armis and Torq provide comprehensive asset security. The Armis platform provides complete visibility and contextual intelligence to secure all assets, prioritize risk, and manage critical processes to manage the business. Torq complements this by enabling organizations to take these insights and build powerful workflows and automation for any IT and security system.

These complementary abilities enable the following—and more:

• Automatic enforcement of endpoint-agent coverage
• Faster threat mitigation and threat remediation
• Reducing risks through orchestrated vulnerability response and vulnerability remediation

Armis offers integrations with the following Aruba offerings:

Aruba Central

Aruba Central is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

---

Aruba ClearPass

Aruba Clearpass is a network access control (NAC) solution. It helps businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user role, device type, and cybersecurity posture.

Use Cases

• Retrieve detailed information on all devices scanned by the Aruba ClearPass agent
• The retrieved information is correlated with other data sources
• Detect missing or malfunctioning agents
• Detect out-of-life or out-of-support agent versions
• Merge device details discovered by Armis with those detected by Aruba and view them in Aruba ClearPass

---

Aruba Instant

Aruba Instant is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

---

Aruba WLC

Aruba WLC is a cloud-based network management and monitoring solution for Aruba Switches and access points (APs).

Use Cases

Device Enrichment – view, search and visualize:

• Access points & switches managed by Aruba WLC
• Wireless Clients
• Enhanced information of access points and switches, such as AP Uptime, Serial Number, firmware version and more Wireless Connections
• Visibility: View current and historic wireless connections between devices and access points
• Define policies on abnormal connections
• Detect rogue access points

Armis offers the following Check Point integrations:

Check Point Harmony (Sandblast)

Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

Use Cases

• Device data enrichment
• Full visibility of all Check Point Harmony Endpoint managed devices
• Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)

Compliance

• The compliance status of Check Point Harmony Endpoint managed devices
• Isolation status of Check Point Harmony Endpoint managed devices
• View the groups in which the devices are located
• View the last time the device was accessed

---

Check Point IoT

Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.

Use Cases

• Analyze traffic logs.

• Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.

• Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.

Learn more about our integration with Check Point

Armis offers the following Cisco integrations:

Cisco ASA

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

---

Cisco Catalyst WLC

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

---

Cisco Cyber Vision

Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments

---

Cisco Digital Network Architecture (Cisco DNA)

Cisco Digital Network Architecture (Cisco DNA) software delivers automation, security, predictive monitoring, and a policy-driven approach.

VIPR Pro integrates with Cisco DNA to ingest, normalize and contextualize vulnerability and software update findings for Cisco networking devices (wireless controllers, SD WANs and routers, and switches), as well as inventory networking assets discovered by Cisco DNA.

Use cases for the integration include:

• Prioritize network operating system and software findings based on contextualized risk and asset profiles
• Group related findings based on common fix (such as operating system update or identified vulnerability)
• Assign asset priority and risk score, and determine asset exposure for de-deduplicated network devices
• Assign ownership for remediation fixes, and operationalize the remediation lifecycle

---

Cisco DNA Center

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.

Use Cases

• Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
• Enrichment of existing Armis devices with data exposed by Cisco DNA Center

---

Cisco ISE PxGrid

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

Learn more about our integration with Cisco ISE

---

Cisco Secure Endpoint

Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.

---

Cisco Secure Workload

Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.

This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco UCS

The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.

This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco Umbrella

Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.

The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.

---

Cisco Vulnerability Management (Formerly Kenna)

Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.

Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.

Users can apply Armis Standard Query ASQ filters when fetching device information.

The integration requires an Armis Asset Vulnerability Management (AVM) license.

This integration enables users to configure an integration with Forescout network equipment so that they can enforce network rules on a single device on the fly.

Based on the predefined properties created by the user, the integration sets the properties on the relevant devices, and these properties trigger the user’s policies in Forescout.

The enforcement is done by pushing a Forescout property from Armis to Forescout. Then, Forescout runs policies based on the Forescout property that was added to the device.

Armis offers the following Fortinet integrations:

Secure Networking

FortiGate Firewall: Armis integrates directly with FortiGate via PCAP feed, delivering instant visibility without additional sensors. Armis intelligence drives microsegmentation and compensating controls for devices that can’t be patched or host agents.

FortiManager: Centralized policy orchestration built on Armis risk insights. Automatically create and push segmentation and enforcement policies across multiple FortiGates to accelerate Zero Trust implementation and reduce breach blast radius.

FortiNAC: Bi-directional integration enables dynamic network access control based on Armis’ real-time asset intelligence, containing rogue or compromised assets in seconds.

---

Security Operations

FortiSIEM: Armis integrates directly with FortiGate via PCAP feed, delivering instant visibility without additional sensors. Armis intelligence drives microsegmentation and compensating controls for devices that can’t be patched or host agents.

FortiSOAR: Automates playbooks using Armis intelligence to drive faster response. When Armis identifies a vulnerable or compromised device, FortiSOAR can instantly trigger isolation, patching workflows, or other mitigation actions.
FortiAnalyzer: Merges Armis contextual risk scores and asset intelligence with Fortinet’s analytics for prioritized investigations, enhanced reporting, and measurable exposure reduction.

FortiEDR: Ensures endpoint coverage optimization by identifying where EDR agents exist or are missing. Together, they close visibility gaps and enable targeted protection for critical systems and endpoints.

---

Universal SASE

FortiCNAPP: Integrates with Armis Centrix™ to de-duplicate, normalize and contextualize findings across both cloud-native and on-prem environments, creating a single prioritized remediation plan across toolchains.

---

Together, Armis and Fortinet create a fully integrated closed-loop exposure management cycle, from detection to prioritization to remediation.

Learn more about our integrations with Fortinet

Illumio is a cybersecurity product that provides micro-segmentation solutions for data center and cloud environments. It uses a zero-trust security mode to segment network traffic and prevents lateral movement of cyber threats within an organization’s network.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Illumio.

Armis offers the following Palo Alto Networks integrations:

Palo Alto Cortex XDR

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Palo Alto Networks GlobalProtect

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

---

Palo Alto Networks List Management

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

---

Palo Alto Networks Panorama

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

---

Palo Alto Prisma Access

Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.

Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.

Prisma Access has to be configured to send HIP reports to Panorama for this to work.

---

Palo Alto Prisma Cloud

Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP

MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.

Use Cases

• View MDS2 privacy and security attributes mapped to assets and to assess risk

The MDS2 integration is automatically enabled for Armis customers

The FDA monitors reports of adverse events and other problems with medical devices and alerts health professionals and the public when needed to ensure proper use of devices and the health and safety of patients.

Use Cases

• Identify assets on FDA recall lists

The FDA integration is automatically enabled for Armis customers

Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, block untrusted endpoints, and give users secure access to internal applications without using VPNs.

Use Cases

• Identify Duo users
• Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
  • Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
• Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
  • Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.

Okta is cloud software that helps companies manage their employees’ passwords by enabling single sign-on, automated user provisioning.

Use Cases

• Provide detailed device information and correlate it with other data sources
• Retrieve and collect user data
• Verify compliance with security policies by detecting disabled Okta users who are still active in Active Directory

OneLogin’s unified access management platform centralizes access across cloud environments to give full control, management, and security for data, devices, and users.

Use Cases

User enrichment:

• Full visibility of all the users from OneLogin
• Correlation of OneLogin users with other data sources (such as Okta, Duo Beyond and Active Directory)

The Armis platform imports cloud VM instance data, including their OS, applications, and VM details.

Armis offers the following Rockwell integrations:

Rockwell AssetCentre

Rockwell AssetCentre software is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information.

AssetCentre allows the organization to manage all existing Rockwell assets across the environment.

Armis integrates with AssetCentre to enrich existing devices with the info pulled from the AssetCentre server. Among the existing types of info that are available through the integration are:

• Identification of the Asset
• Enrichment of the Asset with basic profile fields such as network identifiers, model, and hostname

---

Rockwell Engineering Workstation (EWS)

Rockwell Automation is a provider of industrial automation and information technology.

Use Cases

• Retrieve detailed information about Rockwell Engineering Workstations and represent it in accessible form
• Provide enhanced information on slots and nested devices

Engineering Workstations (EWS) include essential information on the environment, devices in the network and actions performed within the environment.

The information presented in the EWS is saved in a file located on the EWS software and includes all relevant data on the devices that the EWS managers. Ingestion of EWS configuration files is essential to reach maximum visibility. Together with the network traffic data a complete picture of the Operational Technology (OT) and Industrial Control Systems (ICS) environment is now possible.

Use Cases

• Fast enrichment of Siemens devices using Siemens Software Engineering files
• Full inventory information enrichment of existing devices-profile, modules information, etc.
• Creation of nested devices not visible to Armis through traffic inspection

BlackBerry Cybersecurity CylancePROTECT uses artificial intelligence to detect and protect against ransomware, advanced threats, fileless malware, and malicious documents.

Use Cases

Retrieve detailed information on CylancePROTECT managed devices.

• The retrieved information is correlated with other data sources, such as Active Directory, WLC, etc.

Verify compliance with CylancePROTECT security policies by discovering the following:

• Missing or malfunctioning CylancePROTECT agents
• CylancePROTECT agents running out-of-date software versions
• Devices that are not running a CylancePROTECT agent
• Identify the last logged-in device user

Armis offers the following Check Point integrations:

Check Point Harmony (Sandblast)

Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce. It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

Use Cases

• Device data enrichment
• Full visibility of all Check Point Harmony Endpoint managed devices
• Correlation of Check Point Harmony managed devices with other data sources (such as Active Directory, WLCs)

Compliance

• The compliance status of Check Point Harmony Endpoint managed devices
• Isolation status of Check Point Harmony Endpoint managed devices
• View the groups in which the devices are located
• View the last time the device was accessed

---

Check Point IoT

Check Point products protect against cyber threats across networks, endpoint, cloud and mobile devices.

Use Cases

• Analyze traffic logs.

• Automatically import and dynamically synchronize IoT controller information from Armis into policy sources and destinations by using the Check Point IoT Security Manager.

• Automatically recommend IoT policies to a Check Point hub to more efficiently segment or lock down networks where sensitive devices reside.

Learn more about our integration with Check Point

CrowdStrike provides cloud-delivered endpoint detection and response (EDR), workload protection, managed threat hunting, and threat intelligence.

Use Cases

Retrieve detailed information on CrowdStrike managed devices.

• The retrieved information is correlated with other data sources.

Verify compliance with CrowdStrike security policies by discovering the following:

• Missing or malfunctioning CrowdStrike agents
• CrowdStrike agents running out-of-date software versions
• Devices that are not running a CrowdStrike agent
• Identify the last logged-in device user

Learn more about our integration with CrowdStrike

Dropbox is a SaaS file sharing and cloud storage platform.

Use Cases

• Import user accounts
• Import user activities

Duo Beyond identifies corporate vs. personal devices with easy certificate deployment, block untrusted endpoints, and give users secure access to internal applications without using VPNs.

Use Cases

• Identify Duo users
• Retrieve detailed information on Duo endpoints, that is laptops, desktops, tablets, mobile phones, and other devices used to access Duo-protected applications and services.
  • Currently, the integration fetches only endpoints with a Windows GUID/SID or endpoints that the Armis Platform can associate with the same user.
• Fetch information on 2FA devices, that is the enrolled phones and other mobile devices used for the approval of Duo authentication requests.
  • Currently, the integration detects only the devices that the Armis Platform can associate with the same user and that have the same number.

Infoblox DDI consolidates DNS, DHCP, IP address management, and other core network services into a single platform, managed from a common console.

Use Cases

• Provide information on all Infoblox DDI related devices and correlate it with other data sources.
• Verify device compliance with Infoblox DDI policies:
  • Detect devices missing vulnerability scans and patches
  • Detect unmanaged devices
  • Use correlation with other data sources to detect vulnerable software
• Verify user privileges

McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance McAfee solutions.

Use Cases

• Provide detailed information on all McAfee ePO managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Armis offers the following Microsoft integrations:

Microsoft Active Directory

Microsoft Active Directory (AD) is a set of identity-related directory services for authentication and authorization of users and computers in Windows domain networks.

Use Cases

Retrieve detailed information on all Active Directory users and machines

• The retrieved information is correlated with other data sources.
• Identify user access by device and timeline
• Fetch the details about user access per machine
• Obtain the status of each account
• Add third-party integrations to identify the last logged in user by device

Verify compliance with Active Directory security policies by detecting the following:

• Computers with the AD Account disabled
• Computer accounts with the AD Password set to Not Required or Never Expire
• Computers that are not configured to require any pre-authentication

---

Microsoft Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Use Cases

• Provide detailed information on Microsoft Azure VMs.
• Verify device compliance with Microsoft Azure policies by detecting devices missing vulnerability scans (when integrating with an additional vulnerability scan integration).

---

Microsoft Azure DevOps

Azure DevOps allows organizations to uild, test, and deploy in any language, to any cloud or on premises.

VIPR Pro integrates with Azure DevOps to inventory code repository assets, and map remediation ownership by organizational structure in conjunction with Microsoft Entra ID integrations.

---

Microsoft Azure Sentinel

The Sentinel integration fetches alerts, devices and activities from Armis into the Sentinel platform and stores data as custom log tables. Sentinel users can utilize Azure’s Kusto Query Language (KQL) to correlate alerts with contextual data from Armis’ platform.

The integration is provided as an Azure Marketplace App available here.

---

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Microsoft DHCP

Microsoft DHCP is a common service for managing static and dynamic IP address leases in customers’ environments. Integrating with the DHCP server allows us to extract those leases in order to enrich our ARP table (matching of IP to MAC) which is used to uniquely identify and reduce the number of limited visibility devices.

Use Cases

• Monitor and analyze in real-time the assignment of IP addresses to devices and, as a result, attain utmost accuracy when associating devices with traffic and other relevant data.
• Provide detailed information on all Microsoft DHCP related devices and correlate their details with other data sources.

---

Microsoft Endpoint Manager (Intune)

Microsoft Endpoint Manager (formally Intune) is a cloud-based service in the enterprise mobility management (EMM) space that integrates closely with Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection for data protection.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Microsoft Entra (formerly Azure AD)

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on the corporate intranet network, along with any cloud apps developed for their organization.

Use Cases

• Enrichment of existing Armis devices with data exposed by Azure AD.

Compliance

• Detect devices that are not running a Microsoft Intune agent, such as Azure AD computers or corporate devices without a Microsoft Intune agent installed.
• Associate users to devices.
• Ability to view the last logged-in device user.

---

Microsoft Hyper-V

Hyper-V allows running multiple operating systems as virtual machines on Windows. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V allows the creation of virtual hard drives, virtual switches, and a number of other virtual devices all of which can be added to virtual machines.

This integration fetches information related to VMs and Hosts managed by the Microsoft Hyper-V environment.

Use Cases

Device data enrichment:

• Full visibility of all Microsoft Hyper-V managed VMs and Hosts
• Correlation of Microsoft Hyper-V managed VMs and Hosts with other data sources (such as Active Directory, EDR/VMS’s)

Compliance:

• The creation time of Microsoft Hyper-V VMs

---

Microsoft System Center Configuration Manager (SCCM) & Bitlocker

Microsoft SCCM (System Center Configuration Manager) is a systems management software for large groups of computers. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface for setting policy options and then using them to monitor client compliance.

Use Cases

• Gain full application visibility on managed SCCM devices, including offline applications.
• Verify compliance with SCCM and Bitlocker (MBAM) policies and volume encryption requirements.
• Use correlation with other data sources to detect inactive devices or devices that are not running an SCCM agent.

NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts

Use Cases

• Matching alerts with devices
• Visualise NHS Cyber Alerts and their affected devices
• Prioritization with Armis Asset Vulnerability Management (AVM)
• Status tracking

Nuvolo delivers cloud-based Connected Workplace solutions for managing enterprise assets (CMMS/EAM), work orders and maintenance agreements. Nuvolo is a leading asset management (CMMS/EAM) tool in the healthcare industry, allowing Biomed/Clinical engineering teams to manage their medical device inventory , as well as asset management ones.

Use Cases

Enrich existing Armis devices with data exposed by Nuvolo:

• Asset Tag
• Asset State
• Operation Status
• Owning Department
• Install Date
• Is Critical
• End of Support
• End of Life

Verify compliance with Nuvolo policies by detecting:

• Missing or malfunctioning Nuvolo agents
• Nuvolo agents running out-of-date software versions
• Devices that are not running a Nuvolo agent, such as:
  • Active Directory Computers or Corporate devices without a Nuvolo agent installed. Push/send device vulnerability data to CMMS to be included in vulnerability prioritization and remediation workflows and assignments.

• Push/send device interaction data to CMMS for use in displaying device dependency visualizations.
• Identify the last logged-in device user.

Learn more about our integration with Nuvolo

Armis offers the following Palo Alto Networks integrations:

Palo Alto Cortex XDR

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Palo Alto Networks GlobalProtect

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

---

Palo Alto Networks List Management

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

---

Palo Alto Networks Panorama

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

---

Palo Alto Prisma Access

Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.

Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.

Prisma Access has to be configured to send HIP reports to Panorama for this to work.

---

Palo Alto Prisma Cloud

Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP

The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.

Use Cases

• Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
• Verify device compliance with Qualys security policies by detecing:
  • Devices missing vulnerability scans and patches
  • Unmanaged devices.
• Initiate vulnerability scans based on automated Armis policies

Armis offers the following Rapid7 integrations:

Rapid7 InsightVM

Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.

Use Cases

• Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
• Verify device compliance with Rapid7 InsightVM security policies by detecting:
  • Devices missing vulnerability scans and patches
  • Unmanaged devices
  • Vulnerable software (in conjunction with other data sources)
• Verify user privileges
• Initiate vulnerability scans based on automated Armis policies

---

Rapid7 InsightVM Cloud

Rapid7 InsightVM Cloud is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation.

---

Rapid7 Nexpose Data Warehouse

Rapid7 Nexpose is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. Rapid7 offers a data warehouse solution.

Use Cases

Device data enrichment:

• Full visibility of all Rapid7 Nexpose related devices in the Armis Platform and the amendment of their details in conjunction with other data sources

Compliance:

• Detection of devices missing vulnerability scans and patches
• Detection of unmanaged devices
• Detection of vulnerable software by using correlations with other data sources

The SentinelOne platform delivers the defenses for prevention and detection of and response to endpoint threats.

Use Case

• Provide detailed profile information on all Sentinel One managed devices. The information is correlated with other data sources (such as Active Directory, WLCs, etc.)
• Verify device compliance with Sentinel One policies by detecting:
  • Missing or malfunctioning Sentinel One agents
  • Sentinel One agents running out-of-date software versions
  • Devices that are not running a Sentinel One agent, such as Active Directory computers or Corporate devices without a Sentinel One agent installed
  • Identify the last logged-in device user

Learn more about our integration with SentinelOne

Sophos Intercept X is the industry-leading Endpoint Security solution that reduces the attack surface and prevents attacks from running. Combining anti-exploit, anti-ransomware, deep learning AI, and control technology stops attacks before they impact your systems. Intercept X uses a comprehensive, defense in-depth approach to endpoint protection, rather than relying on one primary security technique.

The integration retrieves detailed information on Sophos Intercept X managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Armis offers the following Symantec integrations:

Symantec Asset Management Suite (Altiris)

Symantec Asset Management Suite (formerly named Altiris) improves visibility into IT assets at every point in the lifecycle to reduce costs and fulfil compliance initiatives.

This integration collects information related to assets from the Symantec Asset Management instance. It uses the Database to get the information from the different tables available in the database.

Use Cases

Device data enrichment:

• Full visibility of all the devices from Symantec Asset Management
• Additional data related to network interfaces and the applications associated with the devices
• Correlation of Symantec Asset Management devices with other data sources (such as Active Directory, WLCs)
• View the last agent communication time of the devices

---

Symantec Endpoint Protection – Broadcom

Symantec Endpoint Protection (SEP) is a single framework for preventive protection, post-injury detection, automated investigation, and response. SEP protects endpoints from cyber threats, detects advanced attacks and infringements of data, automates security incidents, and improves protection.

Use Cases

• Provide detailed information on all SEP managed devices. The information is correlated with other data sources, such as Active Directory, WLCs, etc.

Armis offers the following Tanium integrations:

Tanium Asset

Tanium Asset provides a comprehensive inventory of hardware and software assets across your environment. This integration provides detailed profile information on all Tanium Asset devices.

Use Cases

• Enrichment of existing Armis devices with data exposed by Tanium Asset.
• Device identification and inventory of installed applications.
• User-to-Device association.

---

Tanium Comply

Tanium Comply conducts vulnerability and compliance assessments against operating systems, applications, software supply chain, and security configurations and policies.

The Tanium Comply integration imports CVE data (that is, asset vulnerabilities) about the assets that the associated Tanium Comply instance manages.

Use Case

• Integrate Tanium Comply CVE findings into Armis, prioritize them against other CVE findings in the organization, open tickets, and track their remediation process.

---

Tanium Discover

Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.

Use Cases

• Enrichment of existing Armis devices with data exposed by Tanium Discover.

Compliance

• Detection of unmanaged devices that are capable of being managed by Tanium. Detection of unmanageable devices.

---

Tanium Interact

The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.

Use Cases

• Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
• Compliance:
  • Detection of missing or malfunctioning Tanium Interact agents
  • Detection of Tanium Interact agents running out-of-date software versions
  • Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
  • Ability to view the last logged-in device user

Armis offers the following Tenable integrations:

Tenable.io

Tenable.io Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.

Use Cases

• Device data enrichment — Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
• Compliance:
  • Detection of devices missing vulnerability scans and patches
  • Detection of unmanaged devices
  • Using correlation with other data sources to detect vulnerable software
  • Verification of user privileges
  • Orchestration — Initiating vulnerability scans based on automated Armis policies

---

Tenable.sc

Tenable.sc Vulnerability Management identifies, investigates, and prioritizes vulnerabilities and misconfigurations in IT environments, and provides actionable insights into security risks.

Use Cases

• Device data enrichment—Full visibility of all Tenable.io-related devices in the Armis Platform and the amendment of their details in conjunction with other data sources
• Compliance:
  • Detection of devices missing vulnerability scans and patches
  • Detection of unmanaged devices
  • Using correlation with other data sources to detect vulnerable software
  • Verification of user privileges
• Orchestration—Initiating vulnerability scans based on automated Armis policies

Armis offers the following Trellix integrations:

Trellix FireEye Endpoint Protection

Trellix FireEye Endpoint Security is an integrated solution that detects what others miss and protects endpoint against known and unknown threats.

Use Cases

• Retrieve detailed information on FireEye managed devices. The retrieved information is correlated with other data sources.
• Verify compliance with FireEye security policies by discovering the following:
  • Missing or malfunctioning FireEye agents
  • FireEye agents running out-of-date software versions
  • Devices that are not running a FireEye agent
  • Identify the last logged-in device user

---

Trellix Helix (FireEye)

Armis SIEM integration allows forwarding Armis generated alerts to a SIEM server.

Use Cases

• Enhance incident investigation by providing full context of the asset and its risks
• Detect assets not reporting events to the SIEM

Armis offers the following Trend Micro integrations:

Trend Micro Apex One

Trend Micro Apex One leverages a blend of cross-generational threat techniques to provide the broadest protection against all types of threats. Pre-execution and runtime machine learning. More accurate detection of advanced malware, such as fileless, living off the land, and ransomware threats.

The integration retrieves detailed information on Trend Micro Apex One Endpoint Protection & Security managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Trend Micro Cloud One

Utilize the Armis Trend Micro Deep Security Integration with the URL from your region described here https://cloudone.trendmicro.com/docs/identity-and-account-management/c1-regions/

Example for the US:  https://workload.us-1.cloudone.trendmicro.com/

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Trend Micro Deep Security

Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

Armis offers the following VMware integrations:

VMware Carbon Black

VMware Carbon Black Defense is a cloud native platform delivering next-generation antivirus and endpoint detection and response.

Use Cases

• Obtain full visibility of all Carbon Black Defense managed devices, including profile information, such as Carbon Black Policy, Target Priority and the last time the device was seen in CarbonBlack. The information is correlated with other data sources, such as Active Directory, WLCs, etc.
• Detect compliance of missing or malfunctioning Carbon Black Defense agents
• Detect Carbon Black Defense agents running out-of-date software versions
• Detect devices that are not running a Carbon Black Defense agent, such as Active Directory Computers or corporate devices without a Carbon Black Defense agent
• Identify the last logged-in device user

---

VMware vCenter / ESXi

• Provide detailed information on all VMWare vCenter / ESXi related assets and correlate it with other data sources
• Retrieve partial details about the operating system running on a device

---

VMware Workspace ONE

VMWare Workspace ONE (formerly AirWatch) provides enterprise mobility management (EMM) software and standalone management systems for content, applications, and email.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

Dropbox is a SaaS file sharing and cloud storage platform.

Use Cases

• Import user accounts
• Import user activities

SecurityScorecard helps companies rate and understand any company’s security risk.

VIPR pro ingests, deduplicates and contextualizes host and web application vulnerability findings from SecurityScorecard to; prioritize based on risk and business impact through association with enriched asset profiles; operationalize the remediation process through remediaton ownership assignment and automated ticket generation and monitoring.

CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.

Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures.

The integration between Armis and CyberArk allows customers to leverage CyberArk’s advanced secrets management functionalities while seamlessly integrating with the Armis platform to maintain secure operations and compliance.

ColorTokens and Armis deliver a complementary, integrated solution that brings together best-in-class microsegmentation, asset identification, comprehensive asset intelligence, and vulnerability management and microsegmentation and microsegmentation that empowers enterprises with a Zero Trust Architecture purpose-built for converged IT/OT environments.

Use Cases:

• Vulnerability-Aware Microsegmentation
• Real-Time Breach Containment
• Environment Separation
• Unified Visibility with Actionable Context
• Accelerated Compliance

Learn more about our integration with ColorTokens

Armis offers the following Google integrations:

Google Chronicle

Chronicle is a cybersecurity telemetry platform for threat hunting, and threat intelligence and is part of the Google Cloud Platform. Chronicle stores log events it receives in two formats: either as the original raw log or structured Unified Data Model (UDM) log. There are two critical elements to consider for parsing, Unified Data Model (UDM) which defines the schema for parsing, and Configuration Based Normalizers (CBN) which describes how to log data is transformed to the UDM schema.

Chronicle Integration for Armis:
The Chronicle integration for Armis enables the transfer and parsing of Armis Alerts, Activities, Devices, and Vulnerabilities in the Chronicle. These parsed events can be utilized for search, reporting, and visualization workflows.

The ingestion script ingests the following 4 types of event categories:

• Armis Alerts
• Armis Activities
• Armis Devices
• Armis Vulnerabilities

---

Google Cloud Platform (GCP)

GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.

Use Cases

• Retrieve information on GCP related devices, including their identification and operating system details.

---

Google Endpoint Manager – ChromeOS

Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.

The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Google Project Zero

Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

---

Google Security Operations SOAR

Armis and Google Security Operations SOAR enable organizations to take action automatically to protect critical information and systems.

Network Mapper scans the network infrastructure and builds the network structure. It extracts ARP records and MAC address tables and is used in switch-based enforcements.

Use Cases

• Identify network equipment
• Retrieve ARP tables

Use Cases

• Inspect traffic
• Monitor activities
• Track connections
• Provide relevant data for accurate device identification
• Assist in user association

Netskope is a computer security platform that offers cloud-native solutions to businesses for data protection and defense against threats in cloud applications, cloud infrastructure, and the web.

Use Cases

• Enrichment of existing Armis devices with data exposed by Netskope.

Armis offers the following Palo Alto Networks integrations:

Palo Alto Cortex XDR

Palo Alto Cortex XDR is a threat-detection and response app that provides protection against cyberattacks, unauthorized access, and misuse.

The integration between Armis and Cortex XDR retrieves detailed information on Cortex XDR managed devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Audit for presence and compliance
• Report on EPP effectiveness

---

Palo Alto Networks GlobalProtect

Palo Alto Networks GlobalProtect extends the firewall inspection, security, and visibility capabilities to the mobile workforce.

Use Cases

• Identify devices that initiated VPN connections using a VPN client, including the user who initiated the connection, the last connection timestamp, and additional VPN client properties
• Identify point-in-time successful connection attempts from a VPN client to the VPN server, with an association to the client device
• Enrich existing devices with traffic data from their VPN network connections
• Provide detailed information on all GlobalProtect related devices and correlate it with other data sources

---

Palo Alto Networks List Management

Palo Alto Networks List Management integration.

Use Cases

• Assigning assets to an External Dynamic List (EDL) that a PAN firewall can import and use for policy enforcement

• Tagging devices within PAN to support the Dynamic Access Group (DAG) flow that allows using tags as identifiers in policies

---

Palo Alto Networks Panorama

The Palo Alto Panorama management server provides centralized monitoring and management of multiple next-generation firewalls and appliance clusters. Integrating with Panorama and its firewalls allows ingesting information on devices communicating through them.

Use Cases

• Enrich existing devices with traffic and services metadata ingested from Firewall traffic logs via Syslog
• Enrich Armis with unique device identifiers by ingesting the local cache of Address Resolution Protocol (ARP) entries and DHCP leases learned by the firewall (or each firewall controlled by the Panorama)

---

Palo Alto Prisma Access

Prisma Access is a cloud-based VPN SASE powered by the Global Protect Agent.

Prisma Access data can be imported if Prisma Access is being managed via Panorama, use the Armis Global Protect integration and point to the Panorma server.

Prisma Access has to be configured to send HIP reports to Panorama for this to work.

---

Palo Alto Prisma Cloud

Prisma Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides comprehensive visibility and threat detection across an organization’s hybrid, multi-cloud infrastructure.

Use Cases

• Provides detailed information on AWS EC2 instances and Azure Compute seen by Palo Alto Networks Prisma CSPM. The information is correlated with other data sources, such as AWS, AZURE, and GCP

Black Duck helps manage the security, quality, and license compliance risks for open source and third-party code.

VIPR Pro ingests, normallizes and correlates Black findings to: identify, group and prioritize code package vulnerabilities; operationalize remediation workflows and fix guidance for for application teams and developers.

Bugcrowd safeguards organizations’ assets from sophisticated threat actors before by uniting customers with trusted hackers.

VIPR Pro ingests, normallizes and correlates Bugcrowd’s crowdsourced security alerts to: contextualize and associate Bugcrowd alerts with impacted assets to prioritize risk remediation actiions: assign ownership and track remediation task status through bidirectional integration with ticketing systems.

Armis offers the following Cisco integrations:

Cisco ASA

The integration between Armis and Cisco ASA (Adaptive Security Appliance) helps customers with asset management as a data source for identification of remote connections via VPN, network analysis and risk assessment purposes.

Use Cases

• Retrieve information on all Cisco ASA devices and correlate it with other data sources.
• Collect information of the operating system running on the device.

---

Cisco Catalyst WLC

A Cisco Catalyst WLAN controller manages wireless network access points that allow wireless devices to connect to the network.

Use Cases

• Retrieve information on all Cisco WLC devices and correlate it with other data sources.

---

Cisco Cyber Vision

Cisco Cyber Vision is an industrial security solution designed to ensure the continuity, resilience, and safety of industrial operations. It provides comprehensive visibility into industrial control systems (ICS) and operational technology (OT) networks, enabling the detection of cyber threats and vulnerabilities specific to industrial environments

---

Cisco Digital Network Architecture (Cisco DNA)

Cisco Digital Network Architecture (Cisco DNA) software delivers automation, security, predictive monitoring, and a policy-driven approach.

VIPR Pro integrates with Cisco DNA to ingest, normalize and contextualize vulnerability and software update findings for Cisco networking devices (wireless controllers, SD WANs and routers, and switches), as well as inventory networking assets discovered by Cisco DNA.

Use cases for the integration include:

• Prioritize network operating system and software findings based on contextualized risk and asset profiles
• Group related findings based on common fix (such as operating system update or identified vulnerability)
• Assign asset priority and risk score, and determine asset exposure for de-deduplicated network devices
• Assign ownership for remediation fixes, and operationalize the remediation lifecycle

---

Cisco DNA Center

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, and lower your IT spending. Armis utilizes the information from the DNA Center platform to gain visibility into the network devices managed by the platform.

Use Cases

• Retrieve detailed information on network devices and endpoints that are seen by Cisco DNA Center
• Enrichment of existing Armis devices with data exposed by Cisco DNA Center

---

Cisco ISE PxGrid

Through pxGrid, Armis integrates with Cisco Identity Services Engine (ISE) to automate network enforcement of security policies.

Learn more about our integration with Cisco ISE

---

Cisco Secure Endpoint

Cisco Secure Endpoint management offers cloud-delivered endpoint protection and advanced endpoint detection and response across multidomain control points.

Use Cases

• Device data enrichment.
• Enrichment of existing Armis devices with data exposed by Cisco Secure Endpoint.

---

Cisco Secure Workload

Cisco Secure Workload (formerly known as Cisco Tetration) is a comprehensive security solution designed to protect applications across hybrid cloud environments. It provides visibility, micro- segmentation, and real-time monitoring to secure workloads and applications.

This integration collects information about agents, using the Cisco Secure Workload API endpoints to retrieve the data. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco UCS

The Cisco Unified Computing System™ (Cisco UCS®) is a revolutionary computing architecture designed for IT innovation and business acceleration. It enables fast IT by combining computing, networking, and storage infrastructure with management and virtualization capabilities to offer exceptional speed, simplicity, and scalability.

This integration collects information about Blade and Rack servers. It uses the Cisco UCS API endpoint to retrieve the information. The collected data is displayed in the Armis Centrix™ platform.

---

Cisco Umbrella

Cisco Umbrella is a cloud-delivered security service that provides comprehensive threat intelligence and protection against internet-based threats. It uses DNS and IP layer enforcement to prevent connections to malicious sites before a connection is ever established. Cisco Umbrella also offers secure web gateway capabilities, cloud-delivered firewall, and interactive threat intelligence, making it a robust solution for securing enterprise networks.

The integration between Armis and Cisco Umbrella further enhances customers capabilities by leveraging asset management data as a data source.

---

Cisco Vulnerability Management (Formerly Kenna)

Cisco Vulnerability Management (Formerly Kenna) is a vulnerability management platform. The platform allows customers to bring data from multiple vendors. It uses various techniques to assess, prioritize, and predict risk.

Armis’s integration transforms Armis data about devices and associated vulnerabilities into Kenna Data Importer (KDI) files and pushes the files to Kenna’s Armis Connector.

Users can apply Armis Standard Query ASQ filters when fetching device information.

The integration requires an Armis Asset Vulnerability Management (AVM) license.

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.

The CVE integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

Cybersecurity and Infrastructure Security Agency (CISA) manages a catalog of Known Exploited Vulnerabilities (KEV) and requires federal civilian agencies to remediate such vulnerabilities within specific timeframes.

Use Cases

• Audit vulnerability remediation by the CISA Due Date

The CISA KEV integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Their goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The EPSS integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

Armis offers the following Google integrations:

Google Chronicle

Chronicle is a cybersecurity telemetry platform for threat hunting, and threat intelligence and is part of the Google Cloud Platform. Chronicle stores log events it receives in two formats: either as the original raw log or structured Unified Data Model (UDM) log. There are two critical elements to consider for parsing, Unified Data Model (UDM) which defines the schema for parsing, and Configuration Based Normalizers (CBN) which describes how to log data is transformed to the UDM schema.

Chronicle Integration for Armis:
The Chronicle integration for Armis enables the transfer and parsing of Armis Alerts, Activities, Devices, and Vulnerabilities in the Chronicle. These parsed events can be utilized for search, reporting, and visualization workflows.

The ingestion script ingests the following 4 types of event categories:

• Armis Alerts
• Armis Activities
• Armis Devices
• Armis Vulnerabilities

---

Google Cloud Platform (GCP)

GCP offers a suite of computing services to do everything from data management to delivering web and video over the web to AI and machine learning tools.

Use Cases

• Retrieve information on GCP related devices, including their identification and operating system details.

---

Google Endpoint Manager – ChromeOS

Google Endpoint Manager allows IT admins for a business or school, to manage Chromebooks and other ChromeOS devices, from their Google Admin console. To enforce policies, set up Chrome features for users, provide access to their internal VPNs and Wi-Fi networks, force install apps and extensions, and more.

The integration retrieves detailed information from Google Endpoint Management on Google ChromeOS devices.

Use Cases

• Gain visibility of managed assets and their attributes
• Verify asset compliance
• Identify unmanaged assets

---

Google Project Zero

Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Their mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

The Project Zero integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

---

Google Security Operations SOAR

Armis and Google Security Operations SOAR enable organizations to take action automatically to protect critical information and systems.

MDS2 provides a standard for risk assessment of medical devices. Leveraging it into risk insights within Armis allows for prioritizing, monitoring and handling those risks.

Use Cases

• View MDS2 privacy and security attributes mapped to assets and to assess risk

The MDS2 integration is automatically enabled for Armis customers

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

The MITRE ATT&CK® integration is automatically enabled for Armis customers.

The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

The NIST NVD integration is automatically deployed for any customers of the Armis Asset Vulnerability Management module.

NHS Cyber Alerts provides NHS organisations with a secure and effective way to respond to high-severity cyber alerts

Use Cases

• Matching alerts with devices
• Visualise NHS Cyber Alerts and their affected devices
• Prioritization with Armis Asset Vulnerability Management (AVM)
• Status tracking

The Qualys Cloud Platform monitors customers’ global security and compliance posture using scanner appliances. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.

Use Cases

• Retrieve detailed information on all Qualys-related devices and correlate it with other data sources
• Verify device compliance with Qualys security policies by detecing:
  • Devices missing vulnerability scans and patches
  • Unmanaged devices.
• Initiate vulnerability scans based on automated Armis policies

Armis offers the following Rapid7 integrations:

Rapid7 InsightVM

Rapid7 InsightVM is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.

Use Cases

• Retrieve detailed information on all Rapid7 InsightVM related devices and correlate it with other data sources
• Verify device compliance with Rapid7 InsightVM security policies by detecting:
  • Devices missing vulnerability scans and patches
  • Unmanaged devices
  • Vulnerable software (in conjunction with other data sources)
• Verify user privileges
• Initiate vulnerability scans based on automated Armis policies

---

Rapid7 InsightVM Cloud

Rapid7 InsightVM Cloud is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation.

---

Rapid7 Nexpose Data Warehouse

Rapid7 Nexpose is a vulnerability management solution that provides discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. Rapid7 offers a data warehouse solution.

Use Cases

Device data enrichment:

• Full visibility of all Rapid7 Nexpose related devices in the Armis Platform and the amendment of their details in conjunction with other data sources

Compliance:

• Detection of devices missing vulnerability scans and patches
• Detection of unmanaged devices
• Detection of vulnerable software by using correlations with other data sources

runZero provides visibility into enterprises’ external attack surface.

VIPR Pro ingests, normalises and deduplicates asset data from runZero to: centralize asset inventory, enrich asset management profiles with custom metadata for adaptable prioritization.

Armis offers the following Tanium integrations:

Tanium Asset

Tanium Asset provides a comprehensive inventory of hardware and software assets across your environment. This integration provides detailed profile information on all Tanium Asset devices.

Use Cases

• Enrichment of existing Armis devices with data exposed by Tanium Asset.
• Device identification and inventory of installed applications.
• User-to-Device association.

---

Tanium Comply

Tanium Comply conducts vulnerability and compliance assessments against operating systems, applications, software supply chain, and security configurations and policies.

The Tanium Comply integration imports CVE data (that is, asset vulnerabilities) about the assets that the associated Tanium Comply instance manages.

Use Case

• Integrate Tanium Comply CVE findings into Armis, prioritize them against other CVE findings in the organization, open tickets, and track their remediation process.

---

Tanium Discover

Tanium Discover shows the hostname, MAC and IP addresses, device manufacturer, OS, open ports/applications and historical information such as the first and last time the unmanaged asset was seen on the network.

Use Cases

• Enrichment of existing Armis devices with data exposed by Tanium Discover.

Compliance

• Detection of unmanaged devices that are capable of being managed by Tanium. Detection of unmanageable devices.

---

Tanium Interact

The Tanium Interact adapter allows the user to ask questions to gather live endpoint data in order to create an up-to-date inventory of hardware and software assets.

Use Cases

• Device data enrichment — Enrichment of existing Armis devices with data exposed by Tanium Interact.
• Compliance:
  • Detection of missing or malfunctioning Tanium Interact agents
  • Detection of Tanium Interact agents running out-of-date software versions
  • Detect devices that are not running a Tanium Interact agent, such as Active Directory Computers or Corporate devices without a Tanium Interact agent installed
  • Ability to view the last logged-in device user