This document is intended for Cisco engineers and customers who are interested in deploying FireSIGHT Management Center (5.4) with Cisco Identity Services Engine (ISE 1.3 or higher), using the Adaptive Network Control (ANC) mitigation actions of Platform Exchange Grid (pxGrid) to take action on the endpoint. Please note that this applies to FireSIGHT Management Center 5.4 only and not to FireSIGHT Management Center 6.0.
This document provides details on the configuration of FireSIGHT Management Center using ISE in a stand-alone environment, both with self-signed certificates and with Certificate Authority (CA)-signed certificates, with pxGrid enabled. The pxGrid remediation module and the pxGrid agent installation and configuration details are covered. The pxGrid remediation module provides the pxGrid ANC mitigation features: quarantine, portbounce, portshut, reauthenticate, terminate and unquarantine. The pxGrid agent provides the certificate information and ISE pxGrid node connection information between the FireSIGHT Management Center and the ISE pxGrid node. Correlation policies, rules, and remediation types are defined for each ANC mitigation action type.
The reader should have some familiarity with the FireSIGHT Management Center and the Identity Services Engine (ISE) access control system. It is assumed that FireSIGHT Management Center 5.4 and a standalone ISE 1.3 or ISE 1.4 environment are installed. FireSIGHT Management Center 5.4 was also tested on ISE 2.0.
The following software versions were used for the testing of this document:
FireSIGHT Management Center 5.4
FireSIGHT Appliance Virtual Sensor 5.4
Cisco Identity Services Engine ISE 1.3 and ISE 1.4
FireSIGHT pxGrid remediation module 1.0
FireSIGHT pxGrid Agent 1.0
Microsoft CA 2008 R2 Enterprise
For configuring ISE pxGrid in a distributed ISE environment, please see the link in the References section. Links are also included, for reference, to the How-To deployment guides for CA-signed certificates and self-signed certificates that use a MAC as a pxGrid client.