Integrations with Microsoft and partner services
Integrate Microsoft Defender for Iot with partner services to view partner data in Defender for IoT, or to view Defender for IoT data in a partner service.
Aruba ClearPass
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Aruba ClearPass | Share Defender for IoT data with ClearPass Security Exchange and update the ClearPass Policy Manager Endpoint Database with Defender for IoT data. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate ClearPass with Microsoft Defender for IoT |
Axonius
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Axonius Cybersecurity Asset Management | Import and manage device inventory discovered by Defender for IoT in your Axonius instance. | - OT networks - Locally managed sensors and on-premises management consoles |
Axonius | Axonius documentation |
CyberArk PSM
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| CyberArk Privileged Session Manager (PSM) | Send CyberArk PSM syslog data on remote sessions and verification failures to Defender for IoT for data correlation. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate CyberArk with Microsoft Defender for IoT |
Forescout
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Forescout | Automate actions in Forescout based on activity detected by Defender for IoT, and correlate Defender for IoT data with other Forescout eyeExtended modules that oversee monitoring, incident management, and device control. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate Forescout with Microsoft Defender for IoT |
Fortinet
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Fortinet FortiSIEM and FortiGate | Send Defender for IoT data to Fortinet services for: - Enhanced network visibility in FortiSIEM - Extra abilities in FortiGate to stop anomalous behavior |
- OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate Fortinet with Microsoft Defender for IoT |
IBM QRadar
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| IBM QRadar | Send Defender for IoT alerts to IBM QRadar | - OT networks - Cloud connected sensors |
Microsoft | Stream Defender for IoT cloud alerts to a partner SIEM |
| IBM QRadar | Forward Defender for IoT alerts to IBM QRadar. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate Qradar with Microsoft Defender for IoT |
LogRhythm
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| LogRhythm | Forward Defender for IoT alerts to LogRhythm. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate LogRhythm with Microsoft Defender for IoT |
Micro Focus ArcSight
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Micro Focus ArcSight | Forward Defender for IoT alerts to ArcSight. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate ArcSight with Microsoft Defender for IoT |
Microsoft Defender for Endpoint
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Microsoft Defender for Endpoint | Integrates Defender for IoT data in Defender for Endpoint's device inventory, alerts, recommendations, and vulnerabilities. Displays device data about Defender for Endpoint endpoints in the Defender for IoT Device inventory page on the Azure portal. | - Enterprise IoT networks and sensors | Microsoft | Onboard with Microsoft Defender for IoT |
Microsoft Sentinel
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Defender for IoT data connector in Microsoft Sentinel | Displays Defender for IoT cloud data in Microsoft Sentinel, supporting end-to-end SOC investigations for Defender for IoT alerts. | - OT and Enterprise IoT networks - Cloud-connected sensors |
Microsoft | Integrate Microsoft Sentinel and Microsoft Defender for IoT |
| Microsoft Sentinel | Send Defender for IoT alerts from on-premises resources to Microsoft Sentinel. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Connect on-premises OT network sensors to Microsoft Sentinel |
Palo Alto
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Palo Alto | Use Defender for IoT data to block critical threats with Palo Alto firewalls, either with automatic blocking or with blocking recommendations. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate Palo-Alto with Microsoft Defender for IoT |
RSA NetWitness
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| RSA NetWitness | Forward Defender for IoT alerts to RSA NetWitness | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate RSA NetWitness with Microsoft Defender for IoT Defender for IoT - RSA NetWitness CEF Parser Implementation Guide |
ServiceNow
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Vulnerability Response Integration with Microsoft Azure Defender for IoT | View Defender for IoT device vulnerabilities in ServiceNow. | - OT networks - Locally managed sensors and on-premises management consoles |
ServiceNow | ServiceNow store |
| Service Graph Connector Integration with Microsoft Azure Defender for IoT | View Defender for IoT device detections, sensors, and network connections in ServiceNow. | - OT networks - Locally managed sensors and on-premises management consoles |
ServiceNow | ServiceNow store |
| Microsoft Defender for IoT (Legacy) | View Defender for IoT device detections and alerts in ServiceNow. | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | ServiceNow store Integrate ServiceNow with Microsoft Defender for IoT |
Skybox
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Skybox | Import vulnerability occurrence data discovered by Defender for IoT in your Skybox platform. | - OT networks - Locally managed sensors and on-premises management consoles |
Skybox | Skybox documentation Skybox integration page |
Splunk
| Name | Description | Support scope | Supported by | Learn more |
|---|---|---|---|---|
| Splunk | Send Defender for IoT alerts to Splunk | - OT networks - Cloud connected sensors |
Microsoft | Stream Defender for IoT cloud alerts to a partner SIEM |
| Splunk | Send Defender for IoT alerts to Splunk | - OT networks - Locally managed sensors and on-premises management consoles |
Microsoft | Integrate Splunk with Microsoft Defender for IoT |
Next steps
Feedback
Submit and view feedback for