03-11-2019 07:26 AM
I've successfully created custom attributes and referenced them in an authorization policy. Is there any reporting that can be done from this custom attribute? I.e., if an endpoint falls into the custom attribute condition and a NAC action is taken, create a syslog of the event and forward it to a SIEM?
03-13-2019 10:37 AM
What custom attribute are you using? Can you reference it in profiling?
If you already have a rule for it, the SIEM should be able to key off the rule result to know when a device hits it.
03-13-2019 12:06 PM
Hi Paul,
I've created a custom attribute named Shirtcolor via the ERS API and attached a value "Blue" using the curl command on a specific endpoint.
From there, in my policy, under authorization, I created a condition "Endpoints:shirtcolor Contains Blue" and the action is to update an advanced attribute to "Orange". Ideally I would like that "Orange" attribute value to be sent to the SIEM, as the value has changed for that specific endpoint.