cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2026
Views
15
Helpful
6
Replies

Managing ISE externally

dgaikwad
Contributor
Contributor

Hi Experts,
We are in the middle of deploying ISE in a new environment and would want to monitor the ISE from our own SOC.
The SOC will be monitoring for the crucial components of the ISE hardware, like, RAM, disk space, CPU usage and bandwidth and so on... Could this be monitored using syslogs? SNMP?
Also, we are going to monitor the user authentications using syslogs, like authentication fails, multiple attempts and other factors like guest users.
Then comes the multiple services that are already running on ISE, which include pxgrid and administration and so on... as far as I know that we cannot put a script directly on ISE command line like a linux instance, then what are other ways I could find out what services are running what have failed?

Has anyone done this before?
Could you please point me to some material to achieve this..?

Regards,

1 Accepted Solution

Accepted Solutions

ade5
Beginner
Beginner

Your ISE has an ability to send syslogs to SIEM such as Splunk or Qradar. 

For example , ISE can send syslogs to Qradar for any alarms and send notifications to your SOC via either emai or if your SOC has dashboard for your SIEM it can be configured to show the logs there monitor. Hope that makes sense.

View solution in original post

6 Replies 6

balaji.bandi
VIP Guru VIP Guru
VIP Guru

Depends on the system in place - some many not get as expected from the ready tool, some required to automate with scripting.

 

Most of them you get from syslog forwarding to syslog server and monitor the Log and generate a event or alert based on alert level.

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs_chapter_01.html

 

You can also do scritping Login go ISE CLI Level issue command grab the output  and generate event - this also possiblem with SNMP and SYSLOG - Hope this make sense ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hariholla
Cisco Employee
Cisco Employee

Try this API, it should address most of what you are asking for:

http://cs.co/ise-api#!pull-deployment-info

Regards,

Hari

dgaikwad
Contributor
Contributor

The suggestion provided are pretty helpful, I am planning on using Nagios as a monitoring tool with ISE.
But seems that the free version that I have does not support ISE.

Are there any specific plugins or anything that is needed to make monitoring work with Nagios and ISE?

Has anyone attempted this before or has a working example?

hslai
Cisco Employee
Cisco Employee

None I am aware of. If you use Splunk, then Splunk has some add-on for ISE.

ade5
Beginner
Beginner

Your ISE has an ability to send syslogs to SIEM such as Splunk or Qradar. 

For example , ISE can send syslogs to Qradar for any alarms and send notifications to your SOC via either emai or if your SOC has dashboard for your SIEM it can be configured to show the logs there monitor. Hope that makes sense.

Correct you can also do pxGrid integrations with QRadar (Splunk no longer integrates with pxGrid)

 

Check out http://cs.co/ise-guides for more informaiton, there are sections for both of them with guides and build out info

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers