How To: Rapid Threat Containment (RTC) with Cisco FireSIGHT and ISE

May 2016

This document is intended for Cisco engineers and customers who are interested in deploying FireSIGHT Management Center (5.4) with Cisco Identity Services Engine (ISE 1.3 or higher), using the Adaptive Network Control (ANC) mitigation actions of Platform Exchange Grid (pxGrid) to take action on the endpoint. Please note that this applies to FireSIGHT Management Center 5.4 only, not to FireSIGHT Management Center 6.0.

This document provides details on configuring FireSIGHT Management Center with ISE in a stand-alone environment with pxGrid enabled, using either self-signed certificates or Certificate Authority (CA)-signed certificates. The installation and configuration of the pxGrid remediation module and the pxGrid agent are covered. The pxGrid remediation module provides the pxGrid ANC mitigation features: quarantine, portbounce, portshut, reauthenticate, terminate and unquarantine. The pxGrid agent provides the certificate information and ISE pxGrid node connection information between the FireSIGHT Management Center and the ISE pxGrid node. Correlation policies, rules, and remediation types are defined for each ANC mitigation action type.

The reader should have some familiarity with the FireSIGHT Management Center and the Identity Services Engine (ISE) access control system. It is assumed that FireSIGHT Management Center 5.4 and a standalone ISE 1.3 or ISE 1.4 environment are installed. FireSIGHT Management Center 5.4 was also tested on ISE 2.0.

The following software versions were used for the testing of this document:

  • FireSIGHT Management Center 5.4
  • FireSIGHT Appliance Virtual Sensor 5.4
  • Cisco Identity Services Engine ISE 1.3 and ISE 1.4
  • FireSIGHT pxGrid remediation module 1.0
  • FireSIGHT pxGrid Agent 1.0
  • Microsoft CA 2008 R2 Enterprise

For configuring ISE pxGrid in a distributed ISE environment, please see the link in the References section. Also included, for reference, are links to How-To deployment guides that use CA-signed certificates and self-signed certificates with a Mac as the pxGrid client.

Comments
Cisco Employee

Thanks for the reference! Huge help... but I could use a current version of the guide covering FMC 6.x and ISE 2.x. Do we have one available?

Cisco Employee

Hey Jeffrey,

I'm currently working on updating for FMC 6.1 and ISE 2.1. The biggest change is that everything is integrated; there is no more pxGrid connection agent and remediation module to upload. For now, you can use the How-to for FMC 6.0, "How To: Integrate Firepower Management Center (FMC) 6.0 with ISE and TrustSec through pxGrid", for the initial setup (pxGrid remediation IS NOT supported in FMC 6.0, IS supported in FMC 6.1), and you can use the FireSIGHT RTC guide to set up your correlation policies and assign remediation types.

Thanks,

John

jeppich@cisco.com

Cisco Employee

Thanks again John! Really a big help.

Contributor

Hi,

Thanks for the detailed How-To.

Is the integration also supported in version 6.2?

Thanks!

Matteo

Cisco Employee

Hey Matteo,

Yup, this integration is supported in FMC 6.2.

I'm in the process of writing a more in-depth how-to.

In the meanwhile, here's a how-to to integrate FMC 6.2 with ISE 2.2 Internal CA:

https://communities.cisco.com/docs/DOC-71928 - Using ISE 2.2 Internal Certificate Authority (CA) to Deploy Certificates to Cisco Platform Exchange Grid (pxGrid) Clients


Thanks,

John

jeppich@cisco.com

Contributor

Thank you John!