
ISE and SIEM integration

Octavian Szolga
Level 4

Hi,

One of the major concerns regarding security solutions is the way they interact. ISE, specifically, is compatible with most of the SIEMs available today, as stated by Cisco (http://www.cisco.com/en/US/prod/vpndevc/ecosystem.html).

In my particular case, I want to integrate ISE with ArcSight.

For ArcSight to correctly parse the syslog messages that ISE sends, you have to install/configure an ISE smartconnector.

What I'm missing, though, is how ArcSight instructs ISE to take specific actions on users/devices that are involved in a network attack.

Please check: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/at_a_glance_c45-728401.pdf

SIEM/TD partners may utilize ISE as a conduit for taking mitigation actions within the Cisco network infrastructure. SIEM/TD platforms can instruct ISE to undertake quarantine or access-block actions on users and/or device based on ISE policies that have been defined for such actions.

Thanks!

Octavian


It seems you're right. Cisco will publish the details regarding ISE/SIEM integration late this summer.

Is there a document available for the integration of ArcSight SIEM with Cisco ISE which includes the milestones and the success criteria? I am not able to find anything specific.

I don't think there will be any (personal opinion). Some Cisco moderator should answer this one.

If you ask me, all the effort is put into developing pxGrid. If your environment does not work with pxGrid, that's it. It will not work.
