Contributor

Managing ISE externally

Hi Experts,
We are in the middle of deploying ISE in a new environment and would want to monitor the ISE from our own SOC.
The SOC will be monitoring the crucial components of the ISE hardware, like RAM, disk space, CPU usage, bandwidth and so on. Could this be monitored using syslogs? SNMP?
Also, we are going to monitor the user authentications using syslogs, like authentication fails, multiple attempts and other factors like guest users.
Then come the multiple services that are already running on ISE, which include pxGrid, administration and so on. As far as I know, we cannot put a script directly on the ISE command line like on a Linux instance, so what other ways are there to find out which services are running and which have failed?

Has anyone done this before?
Could you please point me to some material to achieve this?

Regards,

1 ACCEPTED SOLUTION

Beginner

Your ISE has the ability to send syslogs to a SIEM such as Splunk or QRadar.

For example, ISE can send syslogs to QRadar for any alarms and send notifications to your SOC via email, or if your SOC has a dashboard for your SIEM, it can be configured to show the logs there to monitor. Hope that makes sense.

6 REPLIES 6
VIP Expert

Depends on the system in place - some may not get what is expected from the ready tool, and some are required to automate with scripting.

Most of them you get from syslog forwarding to a syslog server; monitor the log and generate an event or alert based on alert level.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs_chapter_01.html

You can also do scripting: log in to the ISE CLI level, issue a command, grab the output and generate an event - this is also possible with SNMP and syslog. Hope this makes sense?



BB


*** Rate All Helpful Responses ***
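
The "monitor the log and generate an event" approach from the reply above, applied to the "multiple attempts" case in the question, as an added example that is not part of the original thread. The sample lines are constructed, and their layout, the `CISE_*` category names and the `UserName=` field are assumptions to check against the syslog guide for your ISE version.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, not captured from a real deployment. Layout and
# field names are assumptions; verify them against your ISE syslog guide.
SAMPLE = [
    "<181>Jul 01 10:00:01 ise-psn1 CISE_Failed_Attempts 0000000101 1 0 2020-07-01 10:00:01.120 +00:00 0000004001 5400 NOTICE Failed-Attempt: Authentication failed, UserName=alice, NAS-IP-Address=192.0.2.10",
    "<181>Jul 01 10:00:05 ise-psn1 CISE_Failed_Attempts 0000000102 1 0 2020-07-01 10:00:05.310 +00:00 0000004002 5400 NOTICE Failed-Attempt: Authentication failed, UserName=bob, NAS-IP-Address=192.0.2.11",
    "<181>Jul 01 10:00:40 ise-psn1 CISE_Failed_Attempts 0000000103 1 0 2020-07-01 10:00:40.002 +00:00 0000004003 5400 NOTICE Failed-Attempt: Authentication failed, UserName=alice, NAS-IP-Address=192.0.2.10",
    "<181>Jul 01 10:01:00 ise-psn1 CISE_Passed_Authentications 0000000104 1 0 2020-07-01 10:01:00.450 +00:00 0000004004 5200 NOTICE Passed-Authentication: Authentication succeeded, UserName=carol, NAS-IP-Address=192.0.2.12",
    "<181>Jul 01 10:02:15 ise-psn1 CISE_Failed_Attempts 0000000105 1 0 2020-07-01 10:02:15.777 +00:00 0000004005 5400 NOTICE Failed-Attempt: Authentication failed, UserName=alice, NAS-IP-Address=192.0.2.10",
    "<13>Jul 01 10:03:00 relay01 truncated or unrelated line",
    "<181>Jul 01 10:09:00 ise-psn1 CISE_Failed_Attempts 0000000106 1 0 2020-07-01 10:09:00.000 +00:00 0000004006 5400 NOTICE Failed-Attempt: Authentication failed, UserName=bob, NAS-IP-Address=192.0.2.11",
    "<181>Jul 01 10:13:30 ise-psn1 CISE_Failed_Attempts 0000000107 1 0 2020-07-01 10:13:30.900 +00:00 0000004007 5400 NOTICE Failed-Attempt: Authentication failed, UserName=bob, NAS-IP-Address=192.0.2.11",
]

# Pull the logging category, the event timestamp and the user name from a line.
LINE_RE = re.compile(
    r"(?P<category>CISE_\w+) \d+ \d+ \d+ "
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ .*?UserName=(?P<user>[^,\s]+)"
)

def repeated_failures(lines, threshold=3, window=timedelta(minutes=5)):
    """Return [(user, timestamp)] each time a user reaches `threshold`
    failed authentications inside a sliding `window`."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("category") != "CISE_Failed_Attempts":
            continue              # skip passed auths and unparseable lines
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        q = recent[m.group("user")]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((m.group("user"), m.group("ts")))
            q.clear()             # one alert per burst, then start counting again
    return alerts

if __name__ == "__main__":
    for user, when in repeated_failures(SAMPLE):
        print(f"ALERT repeated authentication failures: user={user} at {when}")
```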

Cisco Employee

Try this API, it should address most of what you are asking for:

http://cs.co/ise-api#!pull-deployment-info

Regards,

Hari

Contributor

The suggestions provided are pretty helpful. I am planning on using Nagios as a monitoring tool with ISE.
But it seems that the free version that I have does not support ISE.

Are there any specific plugins or anything that is needed to make monitoring work with Nagios and ISE?

Has anyone attempted this before or has a working example?

Cisco Employee

None I am aware of. If you use Splunk, then Splunk has an add-on for ISE.


Correct, you can also do pxGrid integrations with QRadar (Splunk no longer integrates with pxGrid).

Check out http://cs.co/ise-guides for more information; there are sections for both of them with guides and build-out info.

 

 
