02-15-2018 09:56 AM
Hi all,
together with the customer we are working on the integration between ISE and ArcSight. We are in touch with the Microfocus account team and they are keen to develop a custom connector for ISE but they are asking us some detailed info about our logs.
They would need a complete description of every field available in our logs and a bunch of logs they could use to test the connector.
Can we help them?
Best regards,
Marco
02-15-2018 11:31 AM
MicroFocus should be aware of this integration. As you can see, the specific announcement above is from their Community.
It should work fine and was initially tested with ISE 1.2, but we do not test every subsequent release of ISE with every subsequent version of the 3rd-party vendor's connector/product, so we recommend validating with your specific combination.
Craig
02-15-2018 10:46 AM
ArcSight already has integration with ISE in SmartConnector Release 6.0.7.6901.
02-15-2018 10:49 AM
Is SmartConnector an ArcSight product?
Does it work with every ISE release? We need the latest because it’s a DNA project.
Thanks
Marco
---
Marco Stangalino
mstangal@cisco.com
+39 3357619480
02-20-2018 01:11 AM
Hi Craig,
I’ve shared the info with the customer and they confirm it’s a good starting point. But they are going to install the latest release of ISE (2.3 or even 2.4) because we are working on a full Fabric project requiring the integration of DNA-C and Stealthwatch 6.10.
They would then need to know all the differences that we have introduced from 1.3 to now to let them build an updated version of the connector. If you are available we could also arrange a quick call between us, the customer and Microfocus to better clarify their needs.
Thanks,
Marco
02-20-2018 10:30 AM
I posted the message catalog for ISE 2.1 - 2.3 to Community last month. See: ISE 2.3 Logging Message Catalog
Message catalogs for older versions are posted to ISE docs here: Cisco Identity Services Engine - Error and System Messages - Cisco
We do not publish deltas, but expect the 2.3 catalog to be a superset. Existing parsers provided in ArcSight SmartConnector should work with ISE 2.3. You could also perform a diff, or simply check for net-new message IDs to determine what has been added since 1.3.
I highly recommend setting up ISE 2.3 in a lab and testing with ArcSight to validate expected/desired behavior.
Regards,
Craig
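The catalog comparison suggested in the reply above, as an added example that is not part of the original thread or Cisco's or ArcSight's own tooling: it reports net-new message IDs, IDs that disappeared (a check on the superset expectation), and entries whose fields changed. The CSV layout, the column names `MessageCode`, `Severity` and `MessageText`, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample catalogs. The column names are an assumed export
# layout, not the real message catalog format; all rows are made up.
OLD_CATALOG = """MessageCode,Severity,MessageText
90001,INFO,Sample authentication passed
90002,WARN,Sample authentication failed
90003,INFO,Sample session started
"""
NEW_CATALOG = """MessageCode,Severity,MessageText
90001,INFO,Sample authentication passed
90002,ERROR,Sample authentication failed
90004,INFO,Sample posture check completed
90005,WARN,Sample profiler endpoint changed
"""

def load_catalog(text, key="MessageCode"):
    """Parse catalog CSV text into {message_id: fields}, rejecting bad rows."""
    catalog = {}
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        msg_id = (row.get(key) or "").strip()
        if not msg_id:
            raise ValueError(f"line {line_no}: missing {key}")
        if msg_id in catalog:
            raise ValueError(f"line {line_no}: duplicate {key} {msg_id}")
        catalog[msg_id] = {k: (v or "").strip()
                           for k, v in row.items() if k and k != key}
    return catalog

def diff_catalogs(old, new):
    """Return net-new IDs, removed IDs, and per-field changes for shared IDs."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))  # non-empty means "new" is not a superset
    changed = {}
    for msg_id in sorted(set(old) & set(new)):
        fields = {f: (old[msg_id].get(f), new[msg_id].get(f))
                  for f in new[msg_id] if old[msg_id].get(f) != new[msg_id].get(f)}
        if fields:
            changed[msg_id] = fields
    return added, removed, changed

if __name__ == "__main__":
    added, removed, changed = diff_catalogs(load_catalog(OLD_CATALOG),
                                            load_catalog(NEW_CATALOG))
    print("net-new IDs:", added)
    print("removed IDs:", removed)
    print("changed entries:", changed)
```

Net-new IDs are the messages a connector parser has never seen; changed entries are where an existing severity or text mapping may need updating.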
02-21-2018 09:02 AM
Hi Craig,
thanks a lot. I’ve shared the documents with Microfocus and they are perfect to customise the connector. They are also asking us if we have already a bunch of “real” logs they can use to test the connector in a pseudo real life. The reason is that a PoC installation of ISE would be quite silent while they would like to parse as many real logs as possible.
Thanks,
Marco
02-21-2018 10:44 AM
I am not aware of a library of sample logs. Certainly samples would be function specific. I recommend they review the net-new features they plan to use and begin performing proof-of-concept testing to both validate new features they plan to enable, as well as trigger related events.