Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
702
Views
0
Helpful
1
Replies

TC-NAC Impact qualification definition with CTA

Go to solution
taasai
Cisco Employee
Cisco Employee

‎06-27-2019 08:19 PM

Hi,

I would like to clarify the ISE Impact Qualification/Cource_of_Action and the CTA Incident Risk mapping.

In ISE there are 5 types of Impact Qualifications such as ...

  • 1 - Insignificant

  • 2 - Distracting

  • 3 - Painful

  • 4 - Damaging

  • 5 - Catastrophic

On the Other hand, in the CTA, it has 10 levels of incident risk.  Also, there are only 4 types of Course_Of_Action.

 

image.png

I assume that the mapping goes like follows. But I'm not sure. In CTA, it seems that there are only 4 types of incident risks, red, orange, amber, and sky blue.  

CTA Incident risk 10 -> ISE Impact Qualification: 5 - Catastrophic -> Cource_Of_Action Internal: Blocking

CTA Incident risk 9 (or 9 and 8?) -> ISE Impact Qualification: 4 - Damaging -> Cource_Of_Action: Eradication

...??

 

Are there any guides?

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jeppich
Cisco Employee
Cisco Employee

‎06-28-2019 09:28 AM

Hi,

 

Email me directly, this is determined by the CTA development engineers.

 

Thanks,

John

jeppich@cisco.com

View solution in original post

0 Helpful
1 Reply 1

Go to solution
jeppich
Cisco Employee
Cisco Employee

‎06-28-2019 09:28 AM

Hi,

 

Email me directly, this is determined by the CTA development engineers.

 

Thanks,

John

jeppich@cisco.com

0 Helpful
Customers Also Viewed These Support Documents