Deploying Cisco Stealthwatch 6.9 with Cisco Identity Services Engine (ISE) 2.2 using Cisco Platform ...

jeppich · ‎03-16-2017

This document is for Cisco Engineers and customers deploying Cisco Stealthwatch 6.9 with Cisco Identity Service Engine (ISE 2.2 using Cisco platform Exchange Grid (pxGrid). The reader should have some similarity with ISE and Cisco Stealthwatch and pxGrid.

Cisco Stealthwatch 6.9 no longer requires syslog information for obtaining contextual information, instead pxGrid is used. The Cisco Stealthwatch Management Console will register as a pxGrid client and subscribe the ISE pxGrid node Session Directory topic to obtain the contextual information.

ISE 2.2 features an internal Certificate Authority (CA) for deploying pxGrid certificates. These pxGrid client certificates can be generated from ISE in either PEM or PKCS12 formats and imported into the Stealthwatch SSL Client store and ISE internal CA root certificate imported into the Stealthwatch CA store. Additionally, certificates can be generated based on the Certificate Signing Requests (CSR). These scenarios will be covered in this document.

This document starts using the preferred method of using the ISE 2.2 Internal CA for deploying pxGrid and Stealthwatch 6.9 using PKCS12 certificate format and then covers an external CA server deployment.

Self-signed certificate deployments and other ISE 2.2 internal CA configurations are covered under the Other Configurations Section.

toyip · ‎03-21-2019

One thing I ran into which was not mentioned anywhere in the document is that the ISE-Client docker service in the Stealthwatch Management Console (SMC) stopped running which disconnected the pXgrid connection between ISE and the SMC. So be sure the ISE-Client docker service is running in the Stealthwatch Management Console (SMC). It is a show stopper!

Deploying Cisco Stealthwatch 6.9 with Cisco Identity Services Engine (ISE) 2.2 using Cisco Platform Exchange Grid (pxGrid)