12-16-2022 02:55 PM
I am running ISE 3.0 Patch. I have a SecureX Remote gateway deployed into my environment to be able to facilitate connections from SecureX. I installed the latest Workflows from the My Exchange in SecureX Orchestration, specifically the ISE - Quarantine Endpoint, ISE - Add Endpoint to Identity Group and ISE - Remove Endpoint from Identity Group. On my ISE deployment, under ERS settings, I have Enable ERS for Read/Write, ERS Setting for All Other Nodes set to Enable ERS for Read and, under CSRF Check, Use CSRF Check for Enhanced Security (I have tried to disable it as well and both fail). I created a local Admin User and set groups Super Admin and ERS Admin to that user. In data access privileges, I made sure that the groups have full access. In SecureX I added the requisite Targets, Keys, remote, added the identity group ID, etc. When I run the Add Endpoint to Identity Group (using the MAC copied from ISE as the observable_value and mac_address as the observable_type), everything runs green until it gets to the ATOMIC action of ISE - ERS - Endpoint - Update Identity Group.
In the Error Message I see this:
id: 0226MDL7OM8Y24rKeO3fE3MrmVEuoSXVUUb, wf_instance_id: 0226MDKWO57Q779kC0Sn6TBE2amOHuZrc8H, error: Failed to update the requested endpoint's identity group assignment
Status code: 403
Response body: CSRF nonce validation failed<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
<div class="container">
<h1>[ 403 ] </h1>
<p></p>
<p></p>
</div>
</body>
</html>
In the JSON Output I see this:
02-11-2023 06:20 PM
@Christopher Tuskan For SecureX, see Cisco SecureX / Got questions/Need Support?
03-09-2023 12:22 AM - edited 03-09-2023 12:24 AM
Hi Christopher,
Please look into the below links also that contain the step-by-step procedure for ISE and Secure X integration.
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.
You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-------------------------------------------------------------
Please utilize Khoros Care to reply to the post and update the status.
Let me know if you have questions/issues.
Thanks,
G.Srinivasan
03-11-2023 11:29 PM
@Christopher Tuskan The error and the output you posted were about CSRF. So, you should have a different set when CSRF is disabled.
Also, try ERS directly either with cURL or a GUI-based REST client, such as Postman. The following pages might help you.
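
The direct ERS test suggested in the last reply, as an added example (not from the thread and not the SecureX workflow's own code): with the CSRF check enabled, ERS expects a token obtained by a GET carrying `X-CSRF-TOKEN: fetch` to be replayed on the write request. Assumptions: ERS is reachable on port 9060, and `ISE_HOST`, `ISE_USER`, `ISE_PASS`, `ENDPOINT_ID` (the ERS endpoint ID, not the MAC) and `GROUP_ID` are operator-supplied placeholders.

```shell
#!/usr/bin/env bash
# Added example: ERS endpoint identity-group update with the CSRF check enabled.
# Assumed inputs (environment, not values from the thread): ISE_HOST, ISE_USER,
# ISE_PASS, ENDPOINT_ID (ERS endpoint ID), GROUP_ID. Port 9060 is assumed.

# Pull the X-CSRF-TOKEN value out of raw HTTP response headers read from stdin.
extract_csrf_token() {
  tr -d '\r' | awk -F': *' 'tolower($1) == "x-csrf-token" { print $2; exit }'
}

# Build the JSON body that statically assigns an endpoint to an identity group.
build_group_payload() {  # $1 = endpoint ID, $2 = identity group ID
  printf '{"ERSEndPoint":{"id":"%s","groupId":"%s","staticGroupAssignment":true}}' "$1" "$2"
}

ers_update_group() {
  local base="https://${ISE_HOST}:9060/ers/config/endpoint" jar token rc
  jar=$(mktemp) || return 1
  # Step 1: GET with "X-CSRF-TOKEN: fetch"; keep the session cookie alongside the token.
  token=$(curl -sS -u "${ISE_USER}:${ISE_PASS}" -c "$jar" -D - -o /dev/null \
            -H 'Accept: application/json' -H 'X-CSRF-TOKEN: fetch' \
            "${base}/${ENDPOINT_ID}" | extract_csrf_token)
  if [ -z "$token" ]; then
    echo "no X-CSRF-TOKEN header returned; check ERS settings and credentials" >&2
    rm -f "$jar"; return 1
  fi
  # Step 2: PUT the change, replaying the token within the same session.
  curl -sS -u "${ISE_USER}:${ISE_PASS}" -b "$jar" -X PUT \
       -H 'Content-Type: application/json' -H 'Accept: application/json' \
       -H "X-CSRF-TOKEN: ${token}" \
       -d "$(build_group_payload "$ENDPOINT_ID" "$GROUP_ID")" \
       -w '\nHTTP %{http_code}\n' "${base}/${ENDPOINT_ID}"
  rc=$?
  rm -f "$jar"
  return $rc
}

# Talk to a live node only when a target has been configured.
if [ -n "${ISE_HOST:-}" ]; then ers_update_group; fi
```

If the PUT succeeds here but the workflow still returns 403, the difference lies in how the workflow's HTTP request handles the token rather than in the ISE admin account. Point `CURL_CA_BUNDLE` at the CA that signed the ISE certificate instead of disabling TLS verification.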