Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
825
Views
0
Helpful
1
Replies

POV Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

Go to solution
Samuel Vuillaume
Cisco Employee
Cisco Employee

‎11-17-2017 10:25 AM

Guys

I am currently working on a POV for Cisco Threat Centric NAC using Qualys with Cisco Identity Services Engine (ISE).

As you know Qualys integration does not use Cisco platform Exchange Grid (pxGrid) for ISE integration, instead it uses Structured Threat Information Expression (STIX).

This is where my client stands:

  • It is working on laptops but not on smartphones? Is this a current limitation of this integration?
  • Qualys initial scan takes up to 30 min – Is this what expected? That seems way too long but might be what to expect, can you confirm?

  • This rises question about what to happens to the client during the initial Scan?
    • Quarantine or Allow? I would think only a limited access would be given to the client while waiting for then Qualys Scan report
  • when Qualys scan report comes back? what is next?
    • I would think an ISE COA could then even quarantine the client or provide further network/application access based on CVSS score? Can you confirm?

Thank you

Sam

Any guidance or best practices would be appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-17-2017 05:58 PM

A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.

Screen Shot 2017-11-17 at 5.50.05 PM.png

Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.

The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.

I agree with you on your answer on the fourth question.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-17-2017 05:58 PM

A couple of Apple iPhones were scanned by Qualys as shown below so it appears supported. The Qualys console would give info why a scan not happened. Please contact Qualys support team if it not working as expected.

Screen Shot 2017-11-17 at 5.50.05 PM.png

Qualys is a cloud platform. In my experience, the scan needs queued first and then, depending on availability of the platform and the scanner, initiate the scan. After that, ISE checks the results in a configured interval. Thus, it can take as long as 30 minutes or longer at times.

The third question is up to the ISE admin team, as to what access to grant before receiving the results on an endpoint.

I agree with you on your answer on the fourth question.

0 Helpful
Customers Also Viewed These Support Documents