Cisco Identity Services Engine (ISE) is an endpoint-based network access and policy enforcement solution. The ExtraHop Cisco ISE integration enables you to combine ExtraHop anomaly detection with ISE Adaptive Network Control (ANC) to dynamically quarantine endpoints in response to security threats.
Similar to our integration with the Palo Alto Firewall, this solution adds IP or MAC addresses from specific ExtraHop detections or alerts to an ANC policy to quarantine the related endpoint.
The bundle includes two triggers: one for alerts and one for detections. You specify the alerts and detections you want the trigger to monitor and the ANC policy where they should be quarantined. The bundle also includes a dashboard that displays the total number of detection and alert events that were sent to the firewall, along with the IP addresses, MAC addresses, and names of the related devices.