
TC-NAC with AMP

tetsato
Cisco Employee

Hi Experts,

I configured TC-NAC with AMP by following the link below, and ISE shows AMP threat detection correctly.

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200550-Configure-ISE-2-1-Threat-Centric-NAC-TC.html

Now my questions are:

Can ISE automatically quarantine a PC on which AMP detected a threat?

Can ISE see AMP's vulnerable software events?

Thanks,

Tetsuya

3 Replies

hslai
Cisco Employee

At present, there are no usable/actionable threat attributes from AMP to trigger re-auth automatically.

Regarding the vulnerable software events, do you mean the event type "vulnerable application detected"? I found a screenshot with that type of event, so it seems to be included.

hslai
Cisco Employee

On AMP events, I received the following from our teams:

These are the types of IoC published by AMP, including “vulnerable application detected”. TC-NAC receives this list dynamically from AMP via API.

tetsato
Cisco Employee

Hi

Thank you very much for the info.

I tested with ISE 2.1.0.474 and connected to AMP cloud.

It looks like ISE can receive AMP malware detection events but not the “vulnerable application detected” event.

Can you please confirm?
