cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Deploying Cisco Stealthwatch 7.0 with Cisco ISE 2.4 using pxGrid

4547
Views
10
Helpful
15
Comments

This document is for Cisco Engineers, partners and customers deploying Cisco Stealthwatch 7.0 with Cisco Identity Services Engine (ISE) 2.4 using Cisco Platform Exchange Grid (pxGrid) 1.0.

In this release ANC mitigation actions have been updated to use ANC policies.  Cisco Security Group Tags (SGT) are now incorporated in network flows illustrating Cisco Segmentation. Custom event violation policies can be created from this information.

 

Comments
Cisco Employee

In our case, we need to do an additional  step to approve manually the pxgrid authentication in ISE configuration, in order to complete de pxgrid integration between SWE and ISE.

Hi people, i need your help to solve the stealthwatch with ise, i have the following error

 

ise_stealtc1.JPGise_stealtc2.JPG

 

Can someone give me some idea on how to solve this problem?

Cisco Employee
Hi,

You need to select the Stealthwatch pxGrid client and select Approve.

You can change these pxGrid client settings on Administration->pxGrid->client settings to automatically approve.

thanks jeppich, you solved my problem.

Hi Jeppich,

at the moment I have my client group blank is this normal, should have ANC?.

can you help me with this information?

new_imagen.JPG

 

Cisco Employee
Hi,

You should be fine. However, if you want you can select the Stealthwatch client and then group and then add the ANC group and then save.

Hi jeppich,

 

I have already solved the problem of joining the ANC Group, thank you very much for the support.

Hi Jeppich,

in stealthwatch I do not see any information, can you please look at the stealtwatch image if I need to do any more configuration?

steal11.JPGsteal22.JPG

 

 

Hi, can anyone help me solve the problem of my integration of stealthwatch and ise?

 

ISE22.JPGisehoje.JPGStealthwacth33.JPG

Cisco Employee
HI,

Do you have any realtime authentications coming in to ISE?

what kind of authentication Jeppich?

Cisco Employee
I would also recommend checking out http://cs.co/ise-help and lokoking for how to get help in the community, the tac can support this if you’re looking for urgent care

Hi Jeppich, this deploying i need configure authentication radius on ise with another devices like wlc,router, switch, etc, on  ise network devices ?

 

What are you going to fail for stealthwatch to have this error?

 

Stealthwacth33.JPG

 
Cisco Employee

I got an ISE deployment of over 30 nodes but only two nodes have pxGrid enabled to integrate Stealthwatch. Do we need the pxGrid certs for ALL nodes in the deployment or just the 2 nodes with pxGrid enabled?

Cisco Employee
Hi,

I’m assuming that your customer is using an external CA, in which case, your ISE admin and ISE MNT nodes already have the proper certificates in place to communicate with the ISE pxGrid nodes.
In the Stealthwatch pxGrid configuration, you would need to configure only for the pxGrid nodes.
Please use the ISE Communities https://community.cisco.com/t5/identity-services-engine-ise/bd-p/5301j-disc-ise to post these type of technical questions.