About Illumio Integrations
This topic describes the available Illumio integrations with third-party providers.
For information about integrations not described in this topic and for links to the software, see Table 1, “Apps and Integration Tools”.
Armis Connector for Illumio
The Illumio - Armis integration allows you to view iOT inventories and their metadata. This integration extends Illumio's zero-trust model to IoT devices to provide IoT/OT segmentation.
Check Point Connector for Illumio
The Illumio integration with Check Point allows you to collect and analyze firewall logs using Check Point's native log-export capability and view this data within the Illumio Platform. With this integration, your organization can make data-driven security-policy decisions to improve its security posture.
Illumio App for ServiceNow CMDB
The Illumio app for ServiceNow provides enriched workload collection on the Illumio Policy Compute Engine (PCE) instance using the database of workloads discovered by ServiceNow. You can use the ServiceNow tables as a customized source for workloads and synchronize the data to the PCE both automatically and manually.
See ServiceNow CMDB.
Illumio App for Splunk and Illumio Technology Add-On for Splunk
The Illumio App for Splunk integrates with the Illumio Policy Compute Engine (PCE) to provide security and operational insights into your Illumio-secured data center.
The Illumio Technology Add-On for Splunk enriches Illumio Policy Compute Engine (PCE) data with Common Information Model (CIM) field names, event types, and tags.
See Illumio App for Splunk Version 3.2.x and Illumio App for Splunk Version 4.0.x.
Illumio Application for QRadar
Illumio Application for QRadar integrates with the Illumio Policy Compute Engine (PCE) to provide insights into your Illumio-secured data center. It provides the following dashboards that are integrated into the QRadar user interface:
The Security Operations dashboard displays east-west traffic, so you can see potential attacks and identify compromised workloads.
The PCE Operations dashboard allows you to monitor the health of all deployed and managed PCEs.
Illumio Plugin for Netskope Cloud Exchange
The Illumio Plugin for Netskope Cloud Exchange extends Illumio Zero Trust Segmentation (ZTS) principles to remote access architectures. Using Illumio's ZTS combined with Netskope's Security Service Edge (SSE) provides dynamic access controls and security across hybrid and multi-cloud environments.
Illumio Sentinel Solution
The Illumio Sentinel Solution provides an integration between Microsoft Sentinel and Illumio's Zero Trust Segmentation platform. This integration enhances SecOps and provides greater visibility into workloads, faster response to incidents, and strengthened compliance.
Illumio Terraform Provider
The Illumio Terraform source allows you to manage resources and policy objects on the Illumio Policy Compute Engine (PCE). With Terraform, you can represent your infrastructure and policy as code and also manage the PCE state.
See Terraform.
Wiz Connector for Illumio
The Wiz Connector for Illumio integration uses security events from the Wiz application to augment flow data in Illumio Console to help you understand how resources outside your organization are interacting with your data center and cloud assets.
Integration | Description | Links | Validated Compatibility |
|---|---|---|---|
Ansible | Ansible modules for
|
| |
Armis | Allows you to view flow data from IoT devices and between IoT devices and enforce policies without needing to install a physical device | Integration Guide | SaaS |
Check Point | Use Check Point's native log export capabilities to collect and analyze firewall logs and use their data to make data-driven policy decisions | Integration Guide | SaaS |
IBM QRadar (SIEM) | Connector and Dashboards to view Illumio flow and event data | Integration Guide (HTML) (PDF) Integration Guide (PDF) |
|
IBM QRadar (SOAR) | Provides a selective port-blocking playbook | User Guide (PDF) |
|
Netskope Cloud Exchange | Ensures dynamic access controls and security across hybrid and multi-cloud environments | v1.0.0 Integration Guide (HTML) (PDF) | |
Palo Alto Cortex (SOAR) | Provides a selective port-blocking playbook |
| |
Python (SDK) | Python REST client for Illumio PCE APIs |
| |
Sentinel | Azure Function Apps for data ingestion | v3.4.0 Integration Guide (HTML) (PDF) |
|
ServiceNow (CMDB) | Uses ServiceNow CMDB as the source of truth for labeling PCE workloads with R/A/E/L labels | Installation and Configuration Guide (PDF) |
|
Splunk (SIEM) | Connector and Dashboards to view Illumio flow and event data | User Guide v3.2.4 (HTML) User Guide v3.2.4 (PDF) EULA (PDF) Integration Guide v4.0.x (HTML) (PDF) | For v3.2.4:
For v4.0.3:
|
Terraform | Terraform HCL scripts to manage PCE policy and policy objects |
| |
Wiz | The Wiz Connector for Illumio uses security events from Wiz cloud to augment cloud resources and flow data in Illumio to help you understand potential vulnerabilities and exposures to security breaches in your cloud environment. | (HTML) (PDF) | N/A |
Note
Integration with Third-Party Applications. Illumio’s products (the “Products”) may contain features designed to integrate and/or interoperate with Third-Party Applications (as defined below). Illumio cannot guarantee the continued availability of such Product features, and may cease providing them without entitling an Illumio customer (‘Customer”) to any refund, credit, or other compensation, if for example and without limitation, the provider of a Third-Party Application ceases to make the Third-Party Application available for interoperation with the corresponding Product features in a manner acceptable to Illumio.
If Customer chooses to use a Third-Party Application with a Product, Customer grants Illumio permission to allow the Third-Party Application and its provider to access Customer Data and information about Customer’s usage of the Third-Party Application as appropriate for the interoperation of that Third-Party Application with a Product.