cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

75
Views
0
Helpful
1
Replies
Highlighted
Cisco Employee

TC-NAC with AMP ANC/EPS

Is there a way to apply an automated EPS or ANC policy when an AMP4E event is sent to ISE?  Also, when I look in the threat category in my policy set condition attributes, I see attributes for vulnerability scanners, but I don't see any AMP attributes.  The use case I'm working on is to have ISE take an automated response to an AMP4E event.

 

 

Thanks,

 

Matt

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Engager

Re: TC-NAC with AMP ANC/EPS

I don't believe there is a way to do an automated response for AMP events in ISE.  The only attributes that are supported are:

 

  • Threat:Qualys-CVSS_Base_Score

  • Threat:Qualys-CVSS_Temporal_Score

  • Rapid7 Nexpose-CVSS_Base_Score

  • Tenable Security Center-CVSS_Base_Score

  • Tenable Security Center-CVSS_Temporal_Score

I know at Live they demonstrated this working but I believe it was with FMC in the mix.  FMC/FTD would learn about the vulnerable endpoint and issue a quarantine to ISE.  I think Aaron presented on that two years ago, but I may not be remembering that correctly.

1 REPLY 1
VIP Engager

Re: TC-NAC with AMP ANC/EPS

I don't believe there is a way to do an automated response for AMP events in ISE.  The only attributes that are supported are:

 

  • Threat:Qualys-CVSS_Base_Score

  • Threat:Qualys-CVSS_Temporal_Score

  • Rapid7 Nexpose-CVSS_Base_Score

  • Tenable Security Center-CVSS_Base_Score

  • Tenable Security Center-CVSS_Temporal_Score

I know at Live they demonstrated this working but I believe it was with FMC in the mix.  FMC/FTD would learn about the vulnerable endpoint and issue a quarantine to ISE.  I think Aaron presented on that two years ago, but I may not be remembering that correctly.