Hi,
I was working on the use case of Cisco ISE anomalous behaviour, particularly MAC spoofing, for my SIEM.
I've come across this https://clnv.s3.amazonaws.com/2018/usa/pdf/BRKSEC-3697-Reference.pdf
And it seems that the message code for MAC spoofing would be 80016. However, I can't confirm this is the message code unless a spoofing activity is carried out, and it is not possible to ask the customer to do that.
Does anyone have any idea how to detect MAC spoofing other than by checking the message code? I'm stuck on this.
Please help.
Oblime