Cisco Employee

POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

Guys

I am currently working on a POV for Cisco Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

As you know, the Qualys integration does not use Cisco Platform Exchange Grid (pxGrid) for ISE integration; instead it uses Structured Threat Information Expression (STIX).

This is where my client stands:

  • It is working on laptops but not on smartphones. Is this a current limitation of this integration?
  • The Qualys initial scan takes up to 30 min. Is this what is expected? That seems way too long but might be what to expect; can you confirm?

  • This raises the question of what happens to the client during the initial scan.
    • Quarantine or Allow? I would think only limited access would be given to the client while waiting for the Qualys scan report.
  • When the Qualys scan report comes back, what is next?
    • I would think an ISE CoA could then quarantine the client or provide further network/application access based on the CVSS score. Can you confirm?

Thank you

Sam

Any guidance or best practices would be appreciated.

Accepted Solution
Cisco Employee

Re: POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

A couple of Apple iPhones were scanned by Qualys as shown below, so it appears supported. The Qualys console would give info on why a scan has not happened. Please contact the Qualys support team if it is not working as expected.

[Screenshot: Screen Shot 2017-11-17 at 5.50.05 PM.png]

Qualys is a cloud platform. In my experience, the scan needs to be queued first and then, depending on the availability of the platform and the scanner, the scan is initiated. After that, ISE checks the results at a configured interval. Thus, it can take as long as 30 minutes, or longer at times.

The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.

I agree with you on your answer on the fourth question.
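The flow discussed in this thread (provisional access while the Qualys scan is queued, ISE polling for results at a configured interval, then a CoA driven by the CVSS score), written out as an added simulation that is not Cisco, Qualys, or either poster's code. The thresholds, poll interval, profile names and the fake report feed are constructed assumptions, and no real ISE or Qualys API is called.

```python
"""Simulated Threat-Centric NAC decision flow (constructed example).
The endpoint holds a provisional limited-access profile while the Qualys
scan is queued, ISE polls for results at an interval, and once a report
arrives a CoA moves the endpoint to quarantine or full access by CVSS."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed policy values; an ISE admin team would choose their own.
QUARANTINE_CVSS = 7.0    # base score at or above this -> quarantine
POLL_INTERVAL_S = 300    # assumed ISE result-check interval (5 minutes)
MAX_WAIT_S = 3600        # stop waiting for a report after one hour


@dataclass
class Endpoint:
    mac: str
    authz_profile: str = "LIMITED_ACCESS"   # provisional while scan pending
    cvss: Optional[float] = None
    coa_log: List[Tuple[str, str]] = field(default_factory=list)


def apply_coa(ep: Endpoint, new_profile: str) -> None:
    """Record a Change of Authorization only when the profile actually changes."""
    if ep.authz_profile != new_profile:
        ep.coa_log.append((ep.authz_profile, new_profile))
        ep.authz_profile = new_profile


def decide_profile(cvss: float) -> str:
    """Map the report's highest CVSS base score to an authorization profile."""
    return "QUARANTINE" if cvss >= QUARANTINE_CVSS else "FULL_ACCESS"


def run_scan_cycle(ep: Endpoint, report_feed: Dict[int, float],
                   poll_interval_s: int = POLL_INTERVAL_S) -> Endpoint:
    """Poll a constructed feed {poll_number: cvss} until a report appears or
    MAX_WAIT_S elapses. A missing poll number means the scan is still queued.
    If no report arrives in time, the endpoint keeps its limited access."""
    waited, poll = 0, 0
    while waited < MAX_WAIT_S:
        poll += 1
        waited += poll_interval_s
        if poll not in report_feed:      # still queued or running at Qualys
            continue
        ep.cvss = report_feed[poll]
        apply_coa(ep, decide_profile(ep.cvss))
        return ep
    return ep                            # timed out: stay on LIMITED_ACCESS


if __name__ == "__main__":
    # Report lands on the 6th poll (~30 minutes), scoring a critical finding.
    print(run_scan_cycle(Endpoint("00:11:22:33:44:55"), {6: 9.8}))
```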
