As of May 2022, the Cisco ISE pxGrid App for QRadar Ver 3.1 is officially Validated and released by IBM, available for download from IBM XFE.
On app updates, it's recommended to remove the old app and do a new install of the updated app, as there are many changes.
Install & Config Guide
Overview
The Cisco ISE pxGrid App V3.1 supports Cisco Identity Services Engine (ISE) 2.7+ and QRadar 7.3.3 FP10+/7.4.1 FP2+ and above. It leverages Cisco Platform Exchange Grid (pxGrid 2.0) to orchestrate all communication and data interchange / exchange between IBM QRadar and Cisco ISE. This provides ISE contextual information from within the QRadar console. The App has dashboards that provide key information such as Passed and Failed authentications, Device Summary, Compliance, TrustSec and MDM. It also allows the QRadar admin to take right-click Adaptive Network Control (ANC) mitigation actions for Rapid Threat Containment (RTC).
What's New
May 2022 v3.1 - QRadar 7.3.3 FP10+/7.4.1 FP2+
- adding support for unencrypted certs from external PKI (use ISE Internal CA pxGrid cert per guide as workaround)
- logging, support and help option screen
- Smoother flow of app config and screen messaging
- Updated libraries and integrity checks
Version 3.0.0 - QRadar v.7.3.3 FP10+/7.4.3 FP4+
- Added support for Python 3.0 per IBM recommendations; this is supported on the following QRadar versions: 7.3.3 fix pack 6, 7.4.1 fix pack 2, and 7.4.2 or later (For Ref.).
- Added and clarified several screens for authentication methods (VPN, MAB, Wired, Wireless, Guest, Dot1x).
- Improved installation process, consolidated screens for ease of use
- Added better HA support and code robustness for better error handling and messaging.
- Added support for PKCS#12 certificates.
- Auto selection of certificates from the upload set of files.
- Retains the app configuration on the app settings screen - certificates, IP address, etc.
- Added screens for health audit logs to monitor the health status of ISE nodes.
- Added poll now and refresh capabilities for ISE nodes health audit logs.
- Improved input validations - QRadar token and certificate key passphrase.
- Improved the screens to manage policies - create, update, delete and view.
- Auto discovery of QRadar collector IPs in the app settings.
- Resolved issues related to right click functionality.
Version 2.0.0
Usability Fixes
- App setup screen isn’t flowing correctly - Root CA text box is not in order in the pxGrid App Settings page
- Default time interval set to 14 days in the UI. As per the suggestion from IBM, we recommend narrowing the search down to 1 day
- Print Current Activated server in the Event LEEF format
- Data picker validation to fix same start and end date to the AQLs on user input
- CR - Search functionality with partial wildcard search and Right click function
General fixes
- Support QRadar 7.4.0
- Replace LogSource name with LogSourceType name in AQL
- Rename Log Source packaged with the app
- Update jQuery to latest version
Documentation
Support
If you are still experiencing issues, please send an email to qradarpxgridappsupport@external.cisco.com
Known Issues for current app release
Usability
- No support for non-English
- Can't run ANC action from the app policy screen listing of quarantined devices