topic Re: POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE). in Network Access Control https://community.cisco.com/t5/network-access-control/pov-threat-centric-nac-using-qualys-with-cisco-identity-services/m-p/3522398#M519714 <HTML><HEAD></HEAD><BODY><P>A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.</P><P><IMG __jive_id="113458" alt="Screen Shot 2017-11-17 at 5.50.05 PM.png" class="image-1 jive-image" src="/legacyfs/online/fusion/113458_Screen Shot 2017-11-17 at 5.50.05 PM.png" style="height: 149px; width: 620px;" /></P><P>Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.</P><P></P><P>The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.</P><P></P><P>I agree with you on your answer on the fourth question.</P></BODY></HTML> Sat, 18 Nov 2017 01:58:25 GMT hslai 2017-11-18T01:58:25Z POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE). https://community.cisco.com/t5/network-access-control/pov-threat-centric-nac-using-qualys-with-cisco-identity-services/m-p/3522397#M519713 <HTML><HEAD></HEAD><BODY><P>Guys</P><P></P><P><SPAN style="font-family: 'Avenir',sans-serif;">I am currently working on a POV for Cisco Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).</SPAN></P><P></P><P><SPAN style="font-family: 'Avenir',sans-serif;">As you know Qualys integration does not use Cisco platform Exchange Grid (pxGrid) for ISE integration, instead it uses Structured Threat Information Expression (STIX).</SPAN></P><P></P><P><SPAN style="font-family: 'Avenir',sans-serif;">This is where my client stands:</SPAN></P><P></P><UL><LI><SPAN style="font-family: 'Avenir',sans-serif;">It is working on laptops <SPAN style="color: #575757; text-decoration: underline;">but not on smartphones</SPAN>? <EM><STRONG>Is this a current limitation of this integration?</STRONG></EM></SPAN></LI><LI><SPAN style="font-family: 'Avenir',sans-serif;">Qualys initial scan takes up to 30 min – Is this what expected? <EM><STRONG>That seems way too long but might be what to expect, can you confirm?</STRONG></EM></SPAN></LI></UL><P></P><UL><LI><SPAN style="font-family: 'Avenir',sans-serif;">This rises question about what to happens to the client during the initial Scan? </SPAN><UL><LI><SPAN style="font-family: 'Avenir',sans-serif;">Quarantine or Allow? <EM><STRONG>I would think only a </STRONG></EM><SPAN style="text-indent: 0px; color: #58585b; text-align: left; font-style: normal; font-size: 10pt; font-family: CiscoSans, Arial, sans-serif; font-weight: normal;"><EM><STRONG>limited access would be given to the client while waiting for then Qualys Scan report</STRONG></EM></SPAN></SPAN></LI></UL></LI><LI><SPAN style="font-family: 'Avenir',sans-serif;">when Qualys scan report comes back? what is next?</SPAN><UL><LI><EM><STRONG>I would think an ISE COA could then even quarantine the client or provide further network/application access based on CVSS score? Can you confirm?</STRONG></EM></LI></UL></LI></UL><P>Thank you</P><P>Sam</P><P><EM style="font-family: 'Avenir',sans-serif;"></EM></P><P></P><P></P><P><SPAN style="font-family: 'Avenir',sans-serif;">Any guidance or best practices would be appreciated. </SPAN></P></BODY></HTML> Fri, 17 Nov 2017 18:25:57 GMT https://community.cisco.com/t5/network-access-control/pov-threat-centric-nac-using-qualys-with-cisco-identity-services/m-p/3522397#M519713 Samuel Vuillaume 2017-11-17T18:25:57Z Re: POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE). https://community.cisco.com/t5/network-access-control/pov-threat-centric-nac-using-qualys-with-cisco-identity-services/m-p/3522398#M519714 <HTML><HEAD></HEAD><BODY><P>A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.</P><P><IMG __jive_id="113458" alt="Screen Shot 2017-11-17 at 5.50.05 PM.png" class="image-1 jive-image" src="/legacyfs/online/fusion/113458_Screen Shot 2017-11-17 at 5.50.05 PM.png" style="height: 149px; width: 620px;" /></P><P>Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.</P><P></P><P>The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.</P><P></P><P>I agree with you on your answer on the fourth question.</P></BODY></HTML> Sat, 18 Nov 2017 01:58:25 GMT https://community.cisco.com/t5/network-access-control/pov-threat-centric-nac-using-qualys-with-cisco-identity-services/m-p/3522398#M519714 hslai 2017-11-18T01:58:25Z