Hi WannabCCIE ,
SNA itself provides the ability to automatically respond or share alarms by using the Response Manager.
The Response Management module allows you to configure how SNA responds to alarms.
Cisco Stealthwatch Response Management
In your scenario, you can achieve shutdown on SW port :
- (ISE + SNA): By triggering SNA Response Management "ISE ANC policy " action based on triggered CI alarms as the condition in the rule.
- (ISE + SNA + Securex): Same action as above but this time Securex can send actions/instructions/commands to ISE based on the workflow created to identify a CI alarm that can be received by Securex through Webhook.
Cisco SNA and SecureX Integration (Guide)
About Securex Webhooks
-----------------------------------------
You can also learn more about Secure Network Analytics (formerly known as Stealthwatch) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493
to view the latest schedule for upcoming sessions, as well as useful references, e.g. online guides, FAQs etc.
Thanks,
G.Srinivasan