topic It should be irrespective of in Network Access Control

ISE AD Security Event log?

rangerdangerx — Mon, 11 Mar 2019 07:23:41 GMT

If you have ISE integrated with AD, when a user authenticates with ISE does it create a login event on the DC security event log?

Yes, it does as ISE sends

Gagandeep Singh — Tue, 24 Jan 2017 23:48:06 GMT

Yes, it does as ISE sends request to DC for user check and once it gets confirmation then ISE looks for authorizing that AD user. So in a nutshell, DC should have a log for that user event viewer.

Regards

Gagan

PS : rate if it helps!!!!!

but it would be a dot1x login

rangerdangerx — Wed, 25 Jan 2017 15:03:29 GMT

but it would be a dot1x login event and not ldap correct?

It should be irrespective of

Gagandeep Singh — Wed, 25 Jan 2017 18:02:35 GMT

It should be irrespective of AD/LDAP. As during authentication of user, ISE talks to Kerberos and for group retrieval/Lookup from AD, it uses LDAP application.

In both cases, event should generate on AD.

Request can be DOT1X which uses RADIUS protocol or it can be TACACS user authentication from AD/LDAP server.

Regards

Gagan

PS : rate if it helps!!!!!

lets say I have a firepower

rangerdangerx — Wed, 25 Jan 2017 18:05:07 GMT

lets say I have a firepower user agent, which picks up login events from a dc, would the user agent see those events?

We can do that from ISE by

Gagandeep Singh — Wed, 25 Jan 2017 18:24:03 GMT

We can do that from ISE by sending logs to Syslog server. But don't know how to do that from Microsoft end. It would be better to open a thread with Microsoft team.

You can keep this thread running if required any further questions from our end.

Regards

Gagan

PS : rate helpful posts...

Re: We can do that from ISE by

Sakun Sharma — Wed, 23 Oct 2019 04:15:46 GMT

How do we configure ISE to send those logs to FMC or FTD?

Thanks