Aruba ClearPass Integration Guide



Aruba ClearPass should be configured to send logs via syslog to the Taegis™ XDR Collector. ClearPass logs are filtered and correlated for various security event observations. Please follow the instructions in Adding a Syslog Export Filter on the Aruba documentation site.

Connectivity Requirements

| Source | Destination | Port/Protocol |
| --- | --- | --- |
| Aruba ClearPass | XDR Collector (mgmt IP) | UDP/514 |

Data Provided from Integrations

|  | Auth | DNS | HTTP | Management | Netflow | NIDS | Process | Thirdparty |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Aruba ClearPass NAC | D |  |  |  |  |  |  |  |

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Configuration Instructions

To configure Aruba ClearPass to send logs to Secureworks® Taegis™ XDR, follow Aruba's instructions in Adding a Syslog Export Filter and add a syslog export filter for each of the Export Template types. Consider the following requirements when completing the configuration steps:

Important

Logs must not be split into more than one line as we are unable to rejoin the logs and any split portion may be ignored.
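
One way to check the single-line requirement before pointing an export filter at the collector is to send it to a test listener first and audit what arrives. The script below is an added example, not Secureworks or Aruba code. It assumes every record starts with a standard syslog `<PRI>` header; the test port 5514 and the sample payloads are constructed for illustration.

```python
import re
import socket

# Assumption: every syslog record starts with a "<PRI>" header (RFC 3164/5424),
# with PRI in 0-191. A payload without one is treated as the tail of a split record.
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def classify(datagram: bytes) -> str:
    """Return 'ok', 'multiline' or 'continuation' for one UDP payload."""
    body = datagram.rstrip(b"\r\n")      # trailing line terminators are harmless
    m = PRI_RE.match(body)
    if not m or int(m.group(1)) > 191:
        return "continuation"            # no valid header: spilled fragment
    if b"\n" in body or b"\r" in body:
        return "multiline"               # header present, record spans lines
    return "ok"


def audit(datagrams):
    """Count each class over an iterable of payloads and keep the offenders."""
    counts = {"ok": 0, "multiline": 0, "continuation": 0}
    offenders = []
    for d in datagrams:
        kind = classify(d)
        counts[kind] += 1
        if kind != "ok":
            offenders.append((kind, d[:80]))   # first 80 bytes for review
    return counts, offenders


def listen(host="0.0.0.0", port=5514, limit=100):
    """Capture `limit` datagrams on a test port (hypothetical 5514) and audit them."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        return audit(s.recvfrom(65535)[0] for _ in range(limit))


# Constructed sample payloads, not real ClearPass output.
SAMPLES = [
    b"<134>Jan 10 12:00:01 nac-host test: id=1 user=alice result=accept\n",
    b"<134>Jan 10 12:00:02 nac-host test: id=2 user=bob\nresult=reject",
    b"user=carol result=accept",
]

if __name__ == "__main__":
    counts, offenders = audit(SAMPLES)
    print(counts)
    for kind, head in offenders:
        print(kind, head)
```

Any `multiline` or `continuation` count above zero means the export template is emitting records that span lines and should be corrected before the filter is directed at UDP/514 on the collector.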

 
