Claroty OT/ICS Cybersecurity REST API

Claroty's OT/ICS cybersecurity REST API lets critical infrastructure operators automate industrial asset discovery, vulnerability management, network monitoring, and threat detection across operational technology environments. Through Claroty's xDome and Continuous Threat Detection platforms, AI agents can retrieve OT asset inventory, vulnerability findings, and network baseline anomalies, and integrate industrial security data with enterprise SOC and ITSM platforms. Areas exposed to agents:

  • Asset management: OT/ICS/IoT asset discovery and inventory automation
  • Vulnerability management: OT-specific CVE and risk assessment automation
  • Network monitoring: industrial protocol communication baseline and anomaly detection automation
  • Alert management: OT threat alert retrieval and severity automation
  • Site management: multi-site industrial environment organization automation
  • Integration management: SIEM, ITSM, and SOC platform data forwarding automation
  • Zone management: network segmentation and zone configuration monitoring automation
  • Risk management: OT risk scoring and prioritization automation
  • Report management: industrial security posture and compliance reporting automation

Agents can also integrate Claroty with Splunk, ServiceNow, and enterprise security platforms for OT SOC automation.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Other claroty OT-security ICS industrial-cybersecurity asset-discovery xDome
⚙ Agent Friendliness: 52 / 100 (Can an agent use this?)
🔒 Security: 76 / 100 (Is it safe for agents?)
⚡ Reliability: 64 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 10
Documentation: 70
Error Messages: 64
Auth Simplicity: 70
Rate Limits: 60

🔒 Security

TLS Enforcement: 99
Auth Strength: 72
Scope Granularity: 66
Dep. Hygiene: 70
Secret Handling: 72

OT/ICS security. SOC2, NERC-CIP, IEC-62443. OAuth2. US/EU. Industrial asset and network threat data.

⚡ Reliability

Uptime/SLA: 64
Version Stability: 68
Breaking Changes: 62
Error Recovery: 64

Best When

A critical infrastructure operator or industrial enterprise wanting AI agents to automate OT asset inventory, industrial vulnerability assessment, network anomaly detection, and SOC integration through Claroty's OT cybersecurity platform.

Avoid When

  • ENTERPRISE LICENSE IS REQUIRED: Claroty serves critical infrastructure enterprises and requires an enterprise agreement. An agent that assumes open developer access hits license_required; the automation must run under a Claroty license.
  • PASSIVE MONITORING IS THE DEFAULT: Claroty primarily uses passive network monitoring for OT asset discovery to avoid disrupting industrial operations. An agent that assumes active scanning creates production_risk, because active scanning of OT networks can disrupt sensitive industrial processes; the automation must use a passive monitoring approach in OT environments.
  • OT PATCHING IS RARELY IMMEDIATE: OT/ICS devices have extended maintenance windows for patching. An agent that assumes immediate patching creates operational_disruption when its remediation recommendations do not account for industrial maintenance windows; remediation workflows must be designed around OT patching constraints.
  • INDUSTRIAL PROTOCOLS REQUIRE EXPERTISE: Claroty parses industrial protocols (Modbus, DNP3, Profinet, EtherNet/IP). An agent that treats this as generic network traffic creates interpretation_error, because industrial protocol communication is not understood without OT domain expertise; the automation needs OT context for meaningful anomaly interpretation.

Use Cases

  • Inventorying OT/ICS assets across industrial environments (asset management automation agents)
  • Assessing CVE exposure for industrial devices and prioritizing remediation (OT security automation agents)
  • Forwarding OT network anomaly alerts to the enterprise SIEM for unified SOC monitoring (SOC monitoring automation agents)
  • Reporting on industrial cybersecurity posture for critical infrastructure compliance (compliance automation agents)

Not For

  • IT endpoint security (Claroty focuses on OT/ICS/IoT industrial environments; CrowdStrike and SentinelOne serve IT endpoint security)
  • Cloud workload security (Claroty is for on-premise industrial environments; Wiz and Prisma Cloud serve cloud security)
  • Consumer IoT security (Claroty focuses on industrial IoT in critical infrastructure; Armis and Microsoft Defender IoT also serve smart building IoT)

Interface

REST API: Yes
GraphQL: No
gRPC: No
MCP Server: No
SDK: No
Webhooks: Yes

Authentication

Methods: apikey, oauth2
OAuth: Yes
Scopes: Yes

Claroty's OT security REST API uses API key and OAuth2 authentication and exchanges JSON. Claroty is headquartered in New York, NY (Israeli founders). Founded in 2015 by Amir Zilberstein, Benny Porat, and Galina Antova (ex-Siemens, Israeli intelligence). Raised $635M+. Valuation: $1.8B (2021). Products: Claroty xDome (cloud-managed OT security), Claroty CTD (continuous threat detection), and Claroty Secure Remote Access. 700+ enterprise customers in critical infrastructure: energy, water, manufacturing, healthcare. Competes with Nozomi Networks, Dragos, and Microsoft Defender for IoT in OT security.

Pricing

Model: subscription
Free tier: No
Requires CC: No

New York NY. $635M raised. $1.8B valuation. 700+ enterprise customers. Annual site-based subscription.

Agent Metadata

Pagination: page
Idempotent: Partial
Retry Guidance: Not documented

Known Gotchas

  • OT ASSET TYPES ARE INDUSTRIAL-SPECIFIC: Claroty asset types include PLCs, HMIs, RTUs, engineering workstations, and industrial controllers. An agent that assumes IT devices creates asset_misclassification by classifying OT devices with IT device taxonomies; the automation must use Claroty's OT-specific device type taxonomy.
  • REMEDIATION FOR OT REQUIRES A MAINTENANCE WINDOW: OT vulnerability remediation requires coordinated maintenance windows to avoid operational disruption. An agent that assumes immediate remediation creates operational_risk by applying remediation actions to industrial systems without scheduled downtime; the automation must enforce maintenance window planning for OT remediation.
  • NETWORK ZONES REFLECT OT NETWORK SEGMENTS: Claroty zones map to Purdue model network levels. An agent that assumes a flat network creates zone_mismatch, because its security analysis does not account for Purdue model segmentation in industrial environments; the automation must understand the OT network zone hierarchy for meaningful analysis.
  • ASSET DISCOVERY IS PASSIVE BY DEFAULT: Claroty's passive asset discovery does not send probes. An agent that assumes active scanning creates deployment_mismatch in implementations that expect active scanning behavior; the automation must configure Claroty passive monitoring correctly for the industrial network.
  • XDOME AND CTD APIS DIFFER: Claroty xDome (cloud) and CTD (on-premise) have different API structures. An agent that assumes a unified API gets endpoint_not_found when xDome API endpoints are called against a CTD deployment; the automation must use the API endpoints that match the deployment.


Scores are editorial opinions as of 2026-03-07.
