Solved: Re: Unquarantine Endpoint in ISE

meetneelesh79 · ‎03-23-2017

Team,

I have integrated Firepower with ISE using PXGRID. I have certain rules in Firepower and if endpoint hits the rule it will send quarantine action to ISE for that endpoint. ISE is quarantining the endpoint and denying all the access. I am using ISE 2.0 version.

I have following questions:

1. Is there any way to unquarantine the endpoint automatically?

2. where I can see all the quarantine mac-addresses in ISE? Other-than reports

Thanks,

Neelesh Marathe

jeppich · ‎03-23-2017

Hey Neelesh,

You can setup an Unquarantine Correlation in Firepower to trigger unquarantine actions : How To: Rapid Threat Containment (RTC) with Cisco FireSIGHT and ISE

This is an older doc than Firepower, but the policies and configurations are the same.

Reports are the only way to see the endpoints.

Thanks,

John

jeppich@cisco.com

View solution in original post

jeppich · ‎03-23-2017

Hey Neelesh,

You can setup an Unquarantine Correlation in Firepower to trigger unquarantine actions : How To: Rapid Threat Containment (RTC) with Cisco FireSIGHT and ISE

This is an older doc than Firepower, but the policies and configurations are the same.

Reports are the only way to see the endpoints.

Thanks,

John

jeppich@cisco.com