Hello
I've created a custom security event policy in Stealthwatch that will alarm when a single flow matches the condition I specified.
However, I don't want the event to simply be reported; I want an action whereby Stealthwatch triggers a request for ISE to quarantine the host.
My Stealthwatch installation is integrated with ISE via pxGrid, and I've added my SMC to the ANC (Adaptive Network Control) group in ISE as well as created an ANC quarantine policy in ISE to deny access.
I can see how to manually select the host in Stealthwatch and under ISE ANC Policy, select the policy I created in ISE to kick the host off the network.
The piece that I am struggling with is how to get Stealthwatch to automatically trigger the ISE policy once the CSE policy alarm is triggered.
I'd be most grateful for any assistance.