Claroty/Medigate
Overview
Claroty/Medigate is a modular, SaaS-powered industrial cybersecurity platform that scales with your environment. It extends protection across your entire XIoT landscape – from PLCs and RTUs to smart building systems – by automatically discovering and inventorying every asset, enriching a central CMDB, and continuously analysing vulnerabilities and exposures.
Claroty/Medigate also delivers network protection, Zero-Trust segmentation guidance, resilient threat detection, and seamless integrations with your existing firewalls, SIEM, SOAR, EDR, and other IT/OT tools through its open API.
Xshield leverages this API to pull the enriched inventory and CVE data, translating them into Xshield core tags, asset attributes, and properties so you can quickly search, tag, and segment high-risk OT/IoT/IoMT assets without manual effort.
Prerequisites
Claroty
- Access to Claroty/Medigate with an API Key that has Read privileges on all sites.
Xshield
- Admin role to enable the integration.
Integration
-
In Xshield, open Integrations → OT/IoT.
-
Click Activate on Claroty or Medigate.
-
In Claroty/Medigate API Endpoint keep the default URL unless your Claroty representative has provided a different one.
-
Enter your API Key.
-
Click Test to validate, then Save.
-
A success entry appears in Monitor → Logs once the integration is active.
-
Asset data and vulnerabilities are imported during the next scheduled sync (runs every 24 hours), so it can take up to 24 hours before Claroty tags appear on your devices.
Attribute Mapping
Note: Only devices whose MAC address matches an existing Xshield asset are updated.
Core Tags (for segments)
These core tags can be used for searching and creating segments.
| Claroty Field | Xshield Core Tag |
|---|---|
| Manufacturer | Manufacturer |
| Model | Model |
| Category | Category |
| Sub Category | Sub-category |
| Role | Role |
| Location | Location |
| Network List | Environment |
| First value in Assignees | Owner |
Asset Attributes (searchable)
| Claroty Field | Xshield Asset Attribute |
|---|---|
| Serial Number | Serial Number |
| OS Category | OS Name |
| OS Version | Platform (OS Version) |
Properties (for tag rules)
These properties can be used to create tag rules.
| Claroty Field | Xshield Property |
|---|---|
| Claroty AssetID | Claroty AssetID |
| Consequence of Failure | Consequence of Failure |
| FDA Class | FDA Class |
| Mobility | Mobility |
| Purdue Level | Purdue Level |
| Handles PII | Handles PII |
| Stores PHI/Transmits PHI | PHI Handling |
| Risk Score | Claroty Risk Score |
| Machine Type | Machine Type |
| Device End-of-Life (mapped value) | End of Life |
Vulnerabilities
Claroty links CVEs to each asset. Xshield imports these lists at every sync so you can:
- Search for devices that contain a specific CVE.
- Create Tag Rules that automatically tag vulnerable assets (for example, tag assets whose CVE list contains
CVE-2022-1388).