Contents x
    Claroty xDome
    • 3 Minutes to read
    • Print
    • PDF
    Contents

    Claroty xDome

    • 3 Minutes to read
    • Print
    • PDF
    Article summary

    About this document

    This document provides the step-by-step procedure to configure Claroty xDome in SAFE.

    Introduction

    This integration enables users to import assets and their associated vulnerabilities from Claroty xDome into SAFE. When configured, it automatically onboards assets with at least one open vulnerability. These assets can belong to any of the following categories: OT (Operational Technology), IT (Information Technology), or IoT (Internet of Things) unless specific categories are defined in the integration settings.

    Prerequisites

    • SAFE Admin Access

    • Claroty xDome API URL

    • Claroty API token (Site permission and a read-only user role)

    • The user generating the API token must have access to view Sites, Categories, Assets, and Vulnerabilities in the Claroty Dashboard.

    Generate Connection Details (API Token)

    1. Login to Claroty xDome with a user account that has access to view Assets, Vulnerabilities, Sites, and Categories.

    2. Navigate to Settings > Admin Settings.

    3. Click the Add User button.

    4. Select the API User radio button.

    5. Enter Username and Title.

    6. In the Permissions section, Click on the Edit Site Permissions button.

    7. Select only the sites from which you want to fetch data.

      1. To pull data from all sites, click SELECT ALL.

      2. To include future sites (sites that may be added in Claroty later), enable the Future Sites option.

      3. To fetch data from specific sites only, select those sites manually. In this case, the Future Sites option will not apply.

    8. Click Apply.

    9. In the Roles section, select Read-Only-User.
      Claroty 1.png

    10. Click the Create User button.

    11. The system displays the created API User in the list with status as Pending Token Generation.

    12. Click the Generate Token icon.
      Claroty 3.png

    13. Select the expiration period for the token.

    14. For security purposes, you should select expiration period within 90 days.

    15. Click the Generate button.
      Clority5.png

    16. The system generates the API token. Copy and save the token to be used while configuring the integration in SAFE.

    17. Click the Finish button.

    Configure Claroty in SAFE

    1. Log in to your SAFE account as an Admin

    2. Navigate to the Integrations page and search for Claroty integration card.

    3. Click the Claroty card and then click the Configure button.

    4. Enter the following details:

      1. API URL : Your Claroty API URL is determined by your region. For example, in the U.S., it is https://api.claroty.com, while in the EU, it is https://eu.api.claroty.com, and so on.

      2. API Token : Refer to /safe-4/docs/claroty-xdome#generate-connection-details-api-token

      3. Enter the Category Filter: SAFE allows users to filter data fetched from Claroty by specifying comma-separated category names. If no category filter is provided, all Claroty assets accessible to the user will be pulled into SAFE without filtering.
        The category filter can either be left empty or contain only a combination of IT, IoT, or OT. Any other values, including variations like "IOT", are not valid.Enter the Auto Sync frequency in days.

      4. If needed, select Auto Onboard New Asset checkbox.

      5. If needed, select Update Existing Assets Metadata checkbox.

    5. Click the Test Connection button to verify the connection.

    6. Once successful, click Save to store the configuration.

    7. Click Sync Now to trigger an on-demand sync.

    8. Upon a successful sync, the system pulls the Claroty assets and their findings in SAFE. You can track the status of the sync in the History table.
      Claroty 6.png

    FAQs

    1. Which categories are acceptable for filtering?

    The category filter can either be left empty or contain only a combination of IT, IoT, or OT. Any other values, including variations like "IOT", are not valid.

    2. Why do I see some asset types (like Linux) in SAFE’s Attack Surface under OT, IoT, and Others?

    SAFE fetches OT and IoT asset categories directly from Claroty’s Category section. However, for IT assets, SAFE determines the attack surface based on the asset type, which is derived from Claroty’s Device Type section for a vulnerable device.

    3. Why does the number of assets and findings on the Integrations page appear as the number shown on the UI (+1)?

    SAFE uses v1 APIs to fetch actual asset-vulnerability pairs, whereas the UI uses v2 APIs, which return only metadata with the device and vulnerability count. This difference may result in a slight discrepancy in the displayed numbers.

    View Results

    Navigate to Technology > Asset List and filter the asset list for signal source equals “security.safe.claroty”.

    Claroty 7.png

    History

    Learn more about Integration History here.

    SAFE's Outgoing IP Addresses

    Click here to find the outgoing IP addresses of SAFE. All traffic to any integrations in SAFE will see one IP address as the source IP of the incoming connection.

    Was this article helpful?
    What's Next