Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

509
Views
0
Helpful
1
Replies
Samuel Vuillaume
Cisco Employee
Cisco Employee
‎11-17-2017 10:25 AM
‎11-17-2017 10:25 AM

POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

Guys

I am currently working on a POV for Cisco Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

As you know Qualys integration does not use Cisco platform Exchange Grid (pxGrid) for ISE integration, instead it uses Structured Threat Information Expression (STIX).

This is where my client stands:

  • It is working on laptops but not on smartphones? Is this a current limitation of this integration?
  • Qualys initial scan takes up to 30 min – Is this what expected? That seems way too long but might be what to expect, can you confirm?

  • This rises question about what to happens to the client during the initial Scan?
    • Quarantine or Allow? I would think only a limited access would be given to the client while waiting for then Qualys Scan report
  • when Qualys scan report comes back? what is next?
    • I would think an ISE COA could then even quarantine the client or provide further network/application access based on CVSS score? Can you confirm?

Thank you

Sam

Any guidance or best practices would be appreciated.

0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee
Cisco Employee
‎11-17-2017 05:58 PM
‎11-17-2017 05:58 PM

A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.

Screen Shot 2017-11-17 at 5.50.05 PM.png

Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.

The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.

I agree with you on your answer on the fourth question.

View solution in original post

0 Helpful
1 REPLY 1
hslai
Cisco Employee
Cisco Employee
‎11-17-2017 05:58 PM
‎11-17-2017 05:58 PM

A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.

Screen Shot 2017-11-17 at 5.50.05 PM.png

Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.

The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.

I agree with you on your answer on the fourth question.

0 Helpful
Latest Contents
Network Security All-in-one ASA FTD WSA Umbrella ISE VPN Lay...
Created by Meddane on 05-17-2022 06:18 AM
2
0
2
0
Multiple Cisco Security Technologies in a single book : ASA Firepower, WSA, Umbrella, ISE and VPN with 100 percent 100 practical scenarios with 70 Labs to cover important topics of the Cisco SCOR Exam. The best part is ISE with interesting scenarios wi... view more
Understanding IP Layer Enforcement on Cisco Umbrella
Created by Meddane on 05-17-2022 03:10 AM
0
0
0
0
Cisco Umbrella is a big DNS service that provides not only the DNS resolution but also if the hosted website is trust or malicious, the idea behind the Layer DNS Security is that the modern attacks uses the DNS in the first step either to redirect the use... view more
Cisco ISE Integration With F5 BIG-IP LTM Load Balancer for G...
Created by Meddane on 05-15-2022 02:24 AM
0
0
0
0
I shared with you this detailed document I created with 27 pages about Cisco ISE Integration With F5 BIG-IP Locar Traffic Manager LTM Load Balancer for Guest Acces.   The method used for Guest Access is the Self-Registration. Healt Monitor using HTTP... view more
Cisco ASA 9.714 version SNMP not working in EVE-NG LAB Envir...
Created by waqas.muhammad49 on 05-10-2022 06:56 AM
0
0
0
0
I created an IPSEC Site to site Tunnel between two ASA Firewalls in EVE-NG topology and i want to plot the IPSEC Site to Site VPN graph on PRTG ? The SNMP Walk command is not getting any output . As the firewall is making SNMP inbound connections with the... view more
ISE Integration with Eduroam External Server
Created by deepuvarghese1 on 05-09-2022 08:31 PM
3
20
3
20
The purpose of this document is to demonstrate how ISE can integrate with an eduroam external server which is a WI-Fi roaming service that provides international access to devices in education, research, and higher education. Students, teachers, and resea... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube