
Sourcefire User Agent to ISE migration -- excluded usernames

Evan Wheatley
Level 1

I'm in the process of completing a migration from Sourcefire User Agent to ISE to publish user identity information to FMC via pxGrid. I have a couple of questions:

1 - ISE is configured and enabled for PassiveID, with WMI connections to the domain controllers. This is working as expected.

In planning for the migration, the "Excluded Usernames" feature from the User Agent is actively used to preclude named usernames from ever populating FMC. Is there a similar feature available for the ISE-FMC integration via pxGrid?

2 - When moving from the User Agent to ISE as Identity Source in FMC, is the existing database (user-IP mapping) in FMC purged during the change? Are all the passive identity sessions learnt via WMI published instantly to FMC? Or only new sessions from the time the identity source is migrated from User Agent to ISE?

Thanks in advance!

1 Reply

Evan Wheatley
Level 1

I've been able to answer my first question, with thanks to an old colleague. Cheers Kevin.

For anyone looking for a similar answer, in use you can utilize Mapping Filters in ISE to achieve the same feature as Excluded Usernames in the Sourcefire User Agent.

Ref: https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/pic_admin_guide/pic_admin27/pic_admin27_chapter_011.html?bookSearch=true#task_E9787621FE1146E59A0E5EC4573609EE.
