
Managing ISE externally

dgaikwad
Level 5

Hi Experts,
We are in the middle of deploying ISE in a new environment and would want to monitor the ISE from our own SOC.
The SOC will be monitoring for the crucial components of the ISE hardware, like, RAM, disk space, CPU usage and bandwidth and so on... Could this be monitored using syslogs? SNMP?
Also, we are going to monitor the user authentications using syslogs, like authentication fails, multiple attempts and other factors like guest users.
Then come the multiple services that are already running on ISE, which include pxGrid, administration and so on... As far as I know, we cannot put a script directly on the ISE command line like on a Linux instance, so what other ways are there to find out which services are running and which have failed?

Has anyone done this before?
Could you please point me to some material to achieve this..?

Regards,

1 Accepted Solution

Accepted Solutions

ade5
Level 1

Your ISE has the ability to send syslogs to a SIEM such as Splunk or QRadar.

For example, ISE can send syslogs to QRadar for any alarms and send notifications to your SOC via email or, if your SOC has a dashboard for your SIEM, it can be configured to show the logs there to monitor. Hope that makes sense.


6 Replies

balaji.bandi
Hall of Fame

Depends on the system in place - some you may not get as expected from the ready tool, and some require automation with scripting.

Most of them you get from syslog forwarding to a syslog server: monitor the log and generate an event or alert based on alert level.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs/Cisco_ISE_Syslogs_chapter_01.html

You can also do scripting: log in to the ISE CLI, issue a command, grab the output and generate an event - this is also possible with SNMP and syslog. Hope this makes sense?

BB


hariholla
Cisco Employee

Try this API, it should address most of what you are asking for:

http://cs.co/ise-api#!pull-deployment-info

Regards,

Hari

dgaikwad
Level 5

The suggestions provided are pretty helpful. I am planning on using Nagios as a monitoring tool with ISE.
But it seems that the free version that I have does not support ISE.

Are there any specific plugins or anything that is needed to make monitoring work with Nagios and ISE?

Has anyone attempted this before or has a working example?

hslai
Cisco Employee

None I am aware of. If you use Splunk, then Splunk has some add-on for ISE.

ade5
Level 1

Your ISE has the ability to send syslogs to a SIEM such as Splunk or QRadar.

For example, ISE can send syslogs to QRadar for any alarms and send notifications to your SOC via email or, if your SOC has a dashboard for your SIEM, it can be configured to show the logs there to monitor. Hope that makes sense.

Correct, you can also do pxGrid integrations with QRadar (Splunk no longer integrates with pxGrid).

Check out http://cs.co/ise-guides for more information; there are sections for both of them with guides and build-out info.
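
Added example (not part of any reply in this thread, and not Cisco code): a sketch of the "multiple failed attempts" check from the original question, run on the SOC side over forwarded ISE syslog lines. The line layout, the `CISE_Failed_Attempts` category name, the `UserName=` attribute, the thresholds and all sample values are assumptions; compare them with what your ISE nodes actually send.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout: category, sequence fields, timestamp, message code,
# severity, then "Key=value" attributes. Verify against your own ISE output.
LINE_RE = re.compile(r"(?P<category>CISE_\w+) \d+ \d+ \d+ "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ \S+ \d+ \d+ \w+ (?P<body>.*)")
USER_RE = re.compile(r"(?:^|, )UserName=(?P<user>[^,]+)")

def parse(line):
    """Return (timestamp, category, user), or None for a line that does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    u = USER_RE.search(m["body"])
    return datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["category"], u and u["user"].strip()

def repeated_failures(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (user, time) for each user reaching `threshold` failures inside `window`."""
    recent, alerts = defaultdict(deque), []
    for line in lines:
        rec = parse(line)
        if not rec or rec[1] != "CISE_Failed_Attempts" or rec[2] is None:
            continue
        ts, _, user = rec
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((user, ts))
            q.clear()                  # re-arm so one burst raises one alert
    return alerts

def _line(category, hms, code, user):
    # Constructed sample line; host, sequence numbers and addresses are made up.
    return (f"<181>Mar  3 {hms} ise01 {category} 0000000101 1 0 2024-03-03 {hms}.120 +00:00 "
            f"0000004001 {code} NOTICE Authentication event, UserName={user}, NAS-IP-Address=192.0.2.10")

SAMPLE = [  # constructed log lines, not captured from a real deployment
    _line("CISE_Failed_Attempts", "10:00:05", 5400, "guest17"),
    _line("CISE_Failed_Attempts", "10:00:30", 5400, "jdoe"),
    _line("CISE_Failed_Attempts", "10:01:10", 5400, "guest17"),
    _line("CISE_Passed_Authentications", "10:02:00", 5200, "guest17"),
    "ise01 unrelated line that the parser must skip",
    _line("CISE_Failed_Attempts", "10:03:40", 5400, "guest17"),
    _line("CISE_Failed_Attempts", "10:20:00", 5400, "jdoe"),
]
```

Calling `repeated_failures(SAMPLE)` flags `guest17` once, at the third failure inside five minutes; the two `jdoe` failures are twenty minutes apart and do not alert.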