This document is for intended for Cisco engineers and customers who are interested in deploying FireSIGHT Management Center (5.4) with Cisco Identity Service Engine (ISE 1.3 or higher) using (platform exchange Grid) pxGrid’s Adaptive Network Control (ANC) mitigation actions to take action on the endpoint. Please note that this is for FireSIGHT Management Center 5.4 only and not for FireSIGHT Management Center 6.0.
This document provides details on the configuration of FireSIGHT Management Center using ISE in a stand-alone environment using self-signed certificates and also using Certificate Authority (CA)-signed certificates with pxGrid enabled. The pxGrid remediation module, pxGrid agent installation and configuration details are covered. The pxGrid remediation module provides the pxGrid ANC mitigation features: quarantine, portbounce, portshut, reauthenticate, terminate and unquarantine. The pxGrid agent provides the certificate information and ISE pxGrid node connection information between the FireSIGHT Management Center and the ISE pxGrid node. Correlation policies, rules, remediation types are defined for each ANC mitigation action type.
The reader should have some familiarity with the FireSIGHT Management Center and the Identity Service Engine (ISE) access control system. It is assumed that FireSIGHT Management Center 5.4 and a standalone ISE 1.3 or ISE 1.4 environment is installed. FireSIGHT Management Center 5.4 was also tested on ISE 2.0.
The following software versions were used for the testing of this document:
FireSIGHT Management Center 5.4
FireSIGHT Appliance Virtual Sensor 5.4
Cisco Identity Services Engine ISE 1.3 and ISE 1.4
FireSIGHT pxGrid remediation module 1.0
FireSIGHT pxGrid Agent 1.0
Microsoft CA 2008 R2 Enterprise
For configuring ISE pxGrid in a Distributed ISE environment, please see the link in the References section. Also included are links to How-To Deployment guides using CA-signed certificates and self-signed certificates using a MAC as a pxGrid client as reference.
Hello Cisco Community, We recently check in the VPN the communication is not working well.We received these errors: Group = x.x.x.x, IP = x.x.x.x, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.29.180.0/255...
What is the purpose of Stealthwatch domains? What I was hoping it would do is isolate Flow Collectors, alarms, policies, etc., but it doesn't look like this is the case; at least in the Web UI. -Thanks
ASA 9.8.3I'm trying to setup certificate-based authentication for AnyConnect and running into errors "CRYPTO_PKI: No Tunnel Group Match for peer certificate. CERT_API: Unable to find tunnel group for cert using rules (SSL)" AND "CRYPTO_PKI: No suita...
What happens if you try and load ISE 2.4 code on a 3495? Are there any warnings or preventions?
Also, will the URT tool flag you if you try and upgrade a 3495 to 2.4 when you run URT on it?
I had a customer load 2.4 on a 3495 and I ...
In current customer scenario , customer have following.50 devices ( laptop / mobile )- All devices are independent with windows 10 and logging into Azure AD/ Office 365- No Domain Controller onsite- User travel with laptop / mobile / tablet- Users a...