cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2115
Views
10
Helpful
3
Replies

ISE & Stealthwatch integration problem

LuoJunZhi4816
Level 1
Level 1

After I integrated ISE & Stealthwatch . I can't see any users on Stealthwatch>Monitor>USERS ,also I can't apply ANC to the host.

I follow the guidance on this post

https://community.cisco.com/t5/security-documents/deploying-cisco-stealthwatch-7-x-with-cisco-ise-2-4-using-pxgrid/ta-p/3793357

 

Can someone give me some idea on how to solve this problem? 

 

2021-11-05 170616.png

3 Replies 3

@LuoJunZhi4816 it looks possibly like the integration between the SMC and ISE is not working correctly, as you don't have the username, MAC address nor ANC policy information in the SMC output.

 

Have you approved the stealthwatch SMC client in ISE (under the pxgrid services)?

Have you used the correct certificates with server and client EKU (as per instructions in the guides)?

Hi Rob Ingram,

Thank you for your reply.

 

Last week I rebuild my SMC and ISE ,but it shows the same error messages.

Should I need to take my ISE as a Radius Server, so that I could enable to use the ANC policy?

We already had our own Microsoft AD server,and every PCs in the office has joined into this domain.

So if possible I don't want to use another identity service.

 

I want to build the same environment just like what she did in the video.

hslai
Cisco Employee
Cisco Employee

Besides what Rob Ingram mentioned, check the integration guides specific to Cisco SNA releases at Cisco Secure Network Analytics > Configuration Guides