ISE Integration with Stealthwatch

jatedesc
Cisco Employee

I have a customer who is currently running ISE and Stealthwatch Enterprise. Within the Stealthwatch console, user names can be seen when using PEAP authentication in ISE.

The customer has now moved to machine certificates, and now the usernames are no longer seen in Stealthwatch. I have been advised that to get the user details we will need to have user certs deployed. Is this correct?

Is there an alternative way to obtain the user information?
Thanks.

Accepted Solution

Damien Miller
VIP Alumni
Consider a few approaches to this and see if any are viable. User certificates are not a hard requirement, but we still have to gather the user some way.

1. Install AnyConnect NAM with EAP chaining to replace the native supplicant, performing both machine and user authentication at the same time.

2. Leverage machine and then user authentication with a native supplicant: machine authentication when no user is logged in, user authentication once a user logs in.

3. Consider implementing the passive identity connector (ISE-PIC), collecting user data out of band/passively for use with the integration.


2 Replies

Francesco Molino
VIP Alumni
Hi

You need to have user authentication/information in ISE to be consumed by Stealthwatch.

Today, if you have machine authentication only, you have the following options to gain usernames in ISE:
- EAP chaining with AnyConnect
- dual authentication (machine and user)
- ISE Passive ID: keep the machine authentication, and when the user logs in there will be an exchange of information between ISE and AD

For the first 2 options, yes you can deploy certificates and use them to authenticate users.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
