Armis Centrix
Overview
Armis Centrix is an asset visibility platform that enriches devices with detailed hardware, software and risk context. Xshield can import this context and automatically apply it as core tags and properties on corresponding devices. This eliminates the manual effort of re-tagging assets inside Xshield and lets you realise the value of segmentation policies immediately.
In addition, the integration imports every CVE that Armis reports for a device. These vulnerabilities are stored in Xshield and can be used in Tag Rules to auto-assign core tags to high-risk assets.
The integration is seamless and you only need to supply Armis API credentials in the Xshield console.
Prerequisites
Armis
- An active Armis Centrix tenant with API access.
- Secret API Key that has the Read Assets and Read Vulnerabilities permissions. See the Armis documentation for generating an API key.
- The Armis Endpoint URL for your tenant – for example
https://colortokens.armis.com.
Xshield
- Admin role to enable the integration.
Integration
Follow the steps below to connect Armis Centrix to Xshield.
-
Log in to Xshield and navigate to Integrations.
-
Select the OT/ IoT category and click Activate on Armis Centrix.
-
In the API Integration section fill in:
- Armis Endpoint – e.g.
https://colortokens.armis.com. Base URL of your Armis tenant (must include the scheme, e.g.https://). - Secret API Key – the key generated in Armis.
- Armis Endpoint – e.g.
-
Click Test to validate the credentials.
-
If the test succeeds, click Save to enable the integration.
-
A message is logged under Monitor > Logs confirming activation.
-
Once enabled, assets will appear with Armis tags after the next sync run (which can take up to 24 hours). Xshield schedules a job every 24 hours to fetch new or updated assets from Armis.
Attribute Mapping
Note: Only devices whose MAC address matches an existing Xshield asset are updated.
The table below shows how Armis attributes are mapped inside Xshield.
Core Tags
These core tags can be used for searching and creating segments.
| Armis Attribute | Xshield Core Tag |
|---|---|
| Category | Category |
| Brand | Manufacturer |
| Model | Model |
| Type | Subcategory |
| Location | Location |
Properties
Properties can be used to create tag rules.
| Armis Attribute | Xshield Property |
|---|---|
| Boundaries (first value) | Boundary |
| Device ID | Armis Device ID |
| Purdue Level | Purdue Level |
| Risk Level | Armis Risk Level |
Vulnerabilities
Xshield also imports vulnerability information from Armis for every matched asset. These CVEs are attached to the asset in Xshield and can be viewed in the Vulnerabilities column of an asset. You can leverage the imported CVE data to quickly identify vulnerable devices and tag them using Tag Rules (for example, tag assets whose CVE list contains a specific vulnerability like CVE-2021-44228).