https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465087#M88242 <P>Hi, </P><P></P><P><SPAN>One of the major concerns regarding security solutions is the way they interact. ISE specifically, is compatible with most of the SIEMs available today, as stated by Cisco (</SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/vpndevc/ecosystem.html" rel="nofollow" target="_blank">http://www.cisco.com/en/US/prod/vpndevc/ecosystem.html</A><SPAN>). </SPAN></P><P></P><P>In my particular case, I want to integrate ISE with ArcSight. </P><P>For ArcSight to correctly parse the syslog messages that ISE sends, you have to install/configure an ISE smartconnector. </P><P></P><P>What I'm missing though is how does ArcSight instructs ISE to take specific actions on users/devices that are involved in a network attack.</P><P></P><P><SPAN>Please check: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/at_a_glance_c45-728401.pdf" rel="nofollow" target="_blank">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/at_a_glance_c45-728401.pdf</A></P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P dir="ltr" style="font-size: 12px; font-family: sans-serif; left: 552.267px; top: 634.773px; transform: rotate(0deg) scale(1.0016, 1); transform-origin: 0% 0% 0px;">SIEM/TD partners may utilize ISE as a conduit for taking mitigation actions within the Cisco network infrastructure. SIEM/TD platforms can instruct ISE to undertake quarantine or access-block actions on users and/or device based on ISE policies that have been defined for such actions. </P></PRE><P></P><P>Thanks! </P><P>Octavian</P> Mon, 11 Mar 2019 04:22:04 GMT Octavian Szolga 2019-03-11T04:22:04Z https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465087#M88242 <P>Hi, </P><P></P><P><SPAN>One of the major concerns regarding security solutions is the way they interact. ISE specifically, is compatible with most of the SIEMs available today, as stated by Cisco (</SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/vpndevc/ecosystem.html" rel="nofollow" target="_blank">http://www.cisco.com/en/US/prod/vpndevc/ecosystem.html</A><SPAN>). </SPAN></P><P></P><P>In my particular case, I want to integrate ISE with ArcSight. </P><P>For ArcSight to correctly parse the syslog messages that ISE sends, you have to install/configure an ISE smartconnector. </P><P></P><P>What I'm missing though is how does ArcSight instructs ISE to take specific actions on users/devices that are involved in a network attack.</P><P></P><P><SPAN>Please check: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/at_a_glance_c45-728401.pdf" rel="nofollow" target="_blank">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/at_a_glance_c45-728401.pdf</A></P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P dir="ltr" style="font-size: 12px; font-family: sans-serif; left: 552.267px; top: 634.773px; transform: rotate(0deg) scale(1.0016, 1); transform-origin: 0% 0% 0px;">SIEM/TD partners may utilize ISE as a conduit for taking mitigation actions within the Cisco network infrastructure. SIEM/TD platforms can instruct ISE to undertake quarantine or access-block actions on users and/or device based on ISE policies that have been defined for such actions. </P></PRE><P></P><P>Thanks! </P><P>Octavian</P> Mon, 11 Mar 2019 04:22:04 GMT https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465087#M88242 Octavian Szolga 2019-03-11T04:22:04Z https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465088#M88245 <HTML><HEAD></HEAD><BODY><P>There is no such docs available till now for ArcSight integration with ISE. I also found only these two links:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at_a_glance_c45-728401.pdf">http://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at_a_glance_c45-728401.pdf</A></P><P><A class="jive-link-external-small" href="http://www.cisco.com/c/dam/en/us/solutions/enterprise-networks/context-aware-mobility-solution/profile_arcsight_c07-538803.pdf">http://www.cisco.com/c/dam/en/us/solutions/enterprise-networks/context-aware-mobility-solution/profile_arcsight_c07-538803.pdf</A></P></BODY></HTML> Thu, 13 Feb 2014 03:26:34 GMT https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465088#M88245 Naveen Kumar 2014-02-13T03:26:34Z https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465089#M88248 <HTML><HEAD></HEAD><BODY><P>It seems you're right. Cisco will publish the details regarding ISE/SIEM integration late this summer.</P></BODY></HTML> Thu, 13 Feb 2014 11:28:17 GMT https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465089#M88248 Octavian Szolga 2014-02-13T11:28:17Z https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465090#M88249 <P>Is there a document available for the integration of ArcSight SIEM with Cisco ISE which includes the milestones and the success criteria? I am not able to find anything specific.</P> Wed, 17 Jun 2015 16:30:50 GMT https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465090#M88249 apaldhikar1 2015-06-17T16:30:50Z https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465091#M88251 <P>I don' think there will be any (personal opinion). Some Cisco moderator should answer this one.</P><P>If you ask me, all the effort is put into developing pxGrid. If you environment does not work with pxGrid, that's it. It will not work.</P> Wed, 19 Aug 2015 08:57:22 GMT https://community.cisco.com/t5/network-access-control/ise-and-siem-integration/m-p/2465091#M88251 Octavian Szolga 2015-08-19T08:57:22Z