
ISE taking action on Syslog Event

jheesen123
Level 1

Hi All,

I am trying to determine if it's possible to take a syslog event into ISE and have a policy action taken on the event. For example, if ISE receives a threat event from a firewall, would it be possible to match on that event and send a CoA to shut the port or move to an isolated VLAN?

Thanks! 

3 Replies

balaji.bandi
Hall of Fame
For example, if ISE receives a threat event from a firewall, would it be possible to match on that event and send a CoA to shut the port or move to an isolated VLAN?

It all depends on what event lot; if that is part of threat mixing with other product, it can be possible, I guess:

Look at the video:

https://www.youtube.com/watch?v=wUwEuB6NlxU

Other option: I never explored that, but you can use syslog and API; a combination of automation code can make an action trigger (ISE alone cannot do this, I guess).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
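
The syslog-plus-API automation suggested in the reply above, sketched as an added example (not part of the original thread and not Cisco code): an external script parses firewall threat events and builds, without sending, the ISE ERS request that applies an ANC policy to the endpoint. The syslog layout, the `IP_TO_MAC` table, the host name, the credentials and the `Quarantine` policy name are all constructed assumptions.

```python
import base64, json, re, urllib.request

# Constructed sample events; this key=value layout is an assumption, not a vendor format.
SAMPLE_EVENTS = [
    "<132>Jan 10 12:00:01 fw01 threat: severity=high src=10.1.20.15 dst=203.0.113.9 sig=constructed-c2",
    "<134>Jan 10 12:00:05 fw01 threat: severity=low src=10.1.20.77 dst=198.51.100.4 sig=constructed-scan",
    "<132>Jan 10 12:00:09 fw01 threat: severity=high src=10.1.20.99 dst=203.0.113.9 sig=constructed-c2",
]
# Assumed IP-to-MAC table (e.g. built from DHCP or session data); ANC is keyed on the MAC.
IP_TO_MAC = {"10.1.20.15": "00:11:22:33:44:55", "10.1.20.77": "00:11:22:33:44:66"}
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Return the key=value fields of a threat event, or None for any other line."""
    if " threat: " not in line:
        return None
    return dict(FIELD_RE.findall(line))

def build_anc_request(ise_host, user, password, mac, policy):
    """Build (not send) the ERS call that applies an existing ANC policy to a MAC."""
    body = {"OperationAdditionalData": {"additionalData": [
        {"name": "macAddress", "value": mac},
        {"name": "policyName", "value": policy}]}}
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{ise_host}/ers/config/ancendpoint/apply",
        data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"Basic {token}"})

def plan_actions(lines, ise_host="ise.example.invalid", policy="Quarantine"):
    """Map high-severity events to ANC requests, one per endpoint."""
    planned, seen = [], set()
    for line in lines:
        ev = parse_event(line)
        if not ev or ev.get("severity") != "high":
            continue
        mac = IP_TO_MAC.get(ev.get("src"))
        if mac is None or mac in seen:  # unknown host or already handled: skip
            continue
        seen.add(mac)
        planned.append(build_anc_request(ise_host, "ers-user", "placeholder", mac, policy))
    return planned

if __name__ == "__main__":
    for req in plan_actions(SAMPLE_EVENTS):
        print(req.get_method(), req.full_url, req.data.decode())
```

The ANC policy must already exist in ISE, and an authorization rule has to match on it for the endpoint to be moved or blocked after the resulting CoA.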

I personally only deployed the auto-remediation actions between StealthWatch (Secure Network Analytics) and ISE where a suspicious endpoint would have triggered an event and based on that event ISE would have isolated the endpoint from the network. AFAIK this is not possible with the ASAs nor the FTDs.

No, ISE cannot receive syslog events like this.  There are various other integrations available though via pxGrid with many different products.