Deploying Cisco Stealthwatch 7.0 with Cisco ISE 2.4 using pxGrid

jeppich · ‎02-01-2019

This document is for Cisco Engineers, partners and customers deploying Cisco Stealthwatch 7.0 with Cisco Identity Services Engine (ISE) 2.4 using Cisco Platform Exchange Grid (pxGrid) 1.0.

In this release ANC mitigation actions have been updated to use ANC policies. Cisco Security Group Tags (SGT) are now incorporated in network flows illustrating Cisco Segmentation. Custom event violation policies can be created from this information.

fehach · ‎03-07-2019

In our case, we need to do an additional step to approve manually the pxgrid authentication in ISE configuration, in order to complete de pxgrid integration between SWE and ISE.

santosdambi@gmail.com · ‎05-29-2019

Hi people, i need your help to solve the stealthwatch with ise, i have the following error

Can someone give me some idea on how to solve this problem?

jeppich · ‎05-29-2019

Hi,

You need to select the Stealthwatch pxGrid client and select Approve.

You can change these pxGrid client settings on Administration->pxGrid->client settings to automatically approve.

santosdambi@gmail.com · ‎05-29-2019

thanks jeppich, you solved my problem.

santosdambi@gmail.com · ‎05-29-2019

Hi Jeppich,

at the moment I have my client group blank is this normal, should have ANC?.

can you help me with this information?

jeppich · ‎05-29-2019

Hi,

You should be fine. However, if you want you can select the Stealthwatch client and then group and then add the ANC group and then save.

santosdambi@gmail.com · ‎05-30-2019

Hi jeppich,

I have already solved the problem of joining the ANC Group, thank you very much for the support.

santosdambi@gmail.com · ‎05-30-2019

Hi Jeppich,

in stealthwatch I do not see any information, can you please look at the stealtwatch image if I need to do any more configuration?

santosdambi@gmail.com · ‎06-03-2019

Hi, can anyone help me solve the problem of my integration of stealthwatch and ise?

jeppich · ‎06-03-2019

HI,

Do you have any realtime authentications coming in to ISE?

santosdambi@gmail.com · ‎06-03-2019

what kind of authentication Jeppich?

Jason Kunst · ‎06-03-2019

I would also recommend checking out http://cs.co/ise-help and lokoking for how to get help in the community, the tac can support this if you’re looking for urgent care

santosdambi@gmail.com · ‎06-05-2019

Hi Jeppich, this deploying i need configure authentication radius on ise with another devices like wlc,router, switch, etc, on ise network devices ?

What are you going to fail for stealthwatch to have this error?

toyip · ‎08-22-2019

I got an ISE deployment of over 30 nodes but only two nodes have pxGrid enabled to integrate Stealthwatch. Do we need the pxGrid certs for ALL nodes in the deployment or just the 2 nodes with pxGrid enabled?

jeppich · ‎08-22-2019

Hi,

I’m assuming that your customer is using an external CA, in which case, your ISE admin and ISE MNT nodes already have the proper certificates in place to communicate with the ISE pxGrid nodes.
In the Stealthwatch pxGrid configuration, you would need to configure only for the pxGrid nodes.
Please use the ISE Communities https://community.cisco.com/t5/identity-services-engine-ise/bd-p/5301j-disc-ise to post these type of technical questions.