Nozomi Networks
Overview
Nozomi Networks is an industry leader in OT & IoT security for critical infrastructure. Its platform combines deep network and endpoint visibility with AI-powered threat detection to deliver real-time asset inventories, risk insights and rapid incident response across the largest, most distributed industrial environments.
Xshield integrates with Nozomi’s open API to ingest this asset intelligence, mapping key attributes and detected CVEs to Xshield core tags and properties. This streamlines tagging and lets you segment or monitor vulnerable OT/IoT assets at scale.
Prerequisites
Nozomi Networks
- A Guardian, CMC or Vantage deployment with API access from internet enabled.
- Key Name and Key Token of a user with at least Assets:Read and Vulnerabilities:Read permissions.
- Nozomi Endpoint – Base URL of your Nozomi tenant, including the scheme (e.g.,
https://guardian.example.com).
Xshield
- Admin role to activate the integration.
Integration
-
In Xshield, open Integrations and select the OT/IoT category.
-
Click Activate on Nozomi Networks.
-
In Nozomi Credentials enter:
- Key Name – API key name.
- Key Token – API key token.
- Nozomi Endpoint – Base URL of your Nozomi tenant, including the scheme (e.g.,
https://colortokens.nozomi.com).
-
Click Test to verify the connection, then Save.
-
After saving, Xshield writes a success entry in Monitor → Logs indicating the integration is active.
-
Device data and vulnerabilities are pulled during the next scheduled sync (runs every 24 hours). Once that job completes, imported Nozomi tags will be visible on your assets.
Attribute Mapping
Note: Only devices whose MAC address matches an existing Xshield asset are updated.
Core Tags
These core tags can be used for searching and creating segments.
| Nozomi Attribute | Xshield Core Tag |
|---|---|
| Vendor or first non-private Mac Vendor | Manufacturer |
| Type | Category |
| Product Name | Model |
| Custom field Owner if present | Owner |
| First value in Roles | Role |
Asset Attributes
Following asset attribute can be used for searching asset.
| Nozomi Attribute | Xshield Asset Attribute |
|---|---|
| Serial Number | Serial Number |
| Firmware Version | Kernel Version |
| OS | OS Name |
Properties
These properties can be used to create tag rules.
| Nozomi Attribute | Xshield Property |
|---|---|
| First value in Zones | Zone |
| First value in Protocols | Protocol |
| Nozomi Asset ID | Nozomi AssetID |
Vulnerabilities
Nozomi correlates CVEs for each asset. Xshield imports these CVE IDs at every sync so you can quickly identify vulnerable devices and tag them using Tag Rules (e.g., tag assets where the CVE list contains CVE-2021-44228).