Solved: Tenable Capabilities with ISE

scamarda · ‎03-29-2019

ISE works with Tenable for Vulnerability Assessments (VA) when a device connects. I want to clarify a few things about the feature.

1) Can Tenable also send threat notifications to ISE for threats discovered from a regularly scheduled scan to cause a quarantine CoA (Rapid Threat Containment). This would not be alogin event

2) Can VA be done as part of a periodic reassessment? Not asking should I do it. Asking, can I do it.

3) Can the VA feature be used for IOT devices? It doesn't say any OS restrictions but want to double-check.

Thanks.

hslai · ‎03-29-2019

On 1, with TC-NAC, ISE may check via the configured VA adapter periodically for new scan results.

On 2, TC-NAC and ISE posture are separate components in ISE so TC-NAC is not part of PRA. However, we may enable periodic scans in the authorization profile that initiates the TC-NAC for the endpoints.

On 3, there is no OS restriction.

Cisco TC-NAC with ISE and Tenable Security Center has some more info.

View solution in original post

hslai · ‎03-29-2019

On 1, with TC-NAC, ISE may check via the configured VA adapter periodically for new scan results.

On 2, TC-NAC and ISE posture are separate components in ISE so TC-NAC is not part of PRA. However, we may enable periodic scans in the authorization profile that initiates the TC-NAC for the endpoints.

On 3, there is no OS restriction.

Cisco TC-NAC with ISE and Tenable Security Center has some more info.