Any updates on this topic?

Thanks

Hey Tiago,

QRadar is still via ISE syslogs, if you have customers or partners who are in interested in pxGrid with Qradar can you send me a list.

Thanks,

John

jeppich@cisco.com

I work for Cisco partner - one our customer is very interesting in integration ISE and QRadar - both products is now used in his network. He would like to use his CIEM system (or QRadar) to be able to initialize blocking or quarantining some host (with security risk behaviour). I check the ISE REST API and it seems to me it could be quite easy to put the endpoint ID (MAC address) to some Endpoint Group (like Security Incident) and setup general authorization exception, which set apropriate result for the endpoint (SGT, VLAN DACL..).

But I will need also to initialize some endpoint reauthentication - or CoA ??. Is it possible to initialize this by ISE REST API - in case not, is there any other way how to manage this?

Thank you

Dear John,

Is there any update about Qradar integration with ISE via PxGrid? If so, is there Any official documents, links that we can refer to?

Regards,

Georges

Hey Georges,

The Qradar app is still under development, will follow-up with you when this has been completed.

Thanks,

John

jeppich@cisco.com

Hi John,

Is there any update on IBM Qradar app development? We want to integrate ISE 2.4 with IBM Qradar SIEM 7.2.8 & 7.3 version.

Kindly let us know any document available for same.

Hey Dnyaneshwar,

The Cisco ISE pxGrid App for QRadar is in IBM"s validation process phase, the How-to document will be available as well.

The Cisco ISE pxGrid APP for QRadar is certified on QRadar 7.2.8 patch 9.

Thanks,

John

jeppich@cisco.com

Thx for reply John.

When do you think it will be available?

Sent from my iPhone

Just released on May 1.

Document can be found on

https://exchange.xforce.ibmcloud.com/hub/extension/6091fd93042043212fd2494fe97ff5b7