cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
680
Views
0
Helpful
1
Replies

POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

Samuel Vuillaume
Cisco Employee
Cisco Employee

Guys

I am currently working on a POV for Cisco Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

As you know Qualys integration does not use Cisco platform Exchange Grid (pxGrid) for ISE integration, instead it uses Structured Threat Information Expression (STIX).

This is where my client stands:

  • It is working on laptops but not on smartphones? Is this a current limitation of this integration?
  • Qualys initial scan takes up to 30 min – Is this what expected? That seems way too long but might be what to expect, can you confirm?

  • This rises question about what to happens to the client during the initial Scan?
    • Quarantine or Allow? I would think only a limited access would be given to the client while waiting for then Qualys Scan report
  • when Qualys scan report comes back? what is next?
    • I would think an ISE COA could then even quarantine the client or provide further network/application access based on CVSS score? Can you confirm?

Thank you

Sam

Any guidance or best practices would be appreciated.

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.

Screen Shot 2017-11-17 at 5.50.05 PM.png

Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.

The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.

I agree with you on your answer on the fourth question.

View solution in original post

1 Reply 1

hslai
Cisco Employee
Cisco Employee

A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.

Screen Shot 2017-11-17 at 5.50.05 PM.png

Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.

The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.

I agree with you on your answer on the fourth question.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: