cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology

3607
Views
2
Helpful
2
Comments

This document is for Cisco Engineers and customers deploying Cisco Threat Centric NAC using Cisco Advanced Malware Protection (AMP) for Endpoints in the Cloud (FireAMP v5.3.2016072523 or greater) with Cisco Identity Services Engine (ISE) 2.1.   ISE needs an APEX license for the ability to subscribe to the Cloud AMP for Endpoints.

Cisco AMP for Endpoint integration does not use Cisco platform Exchange Grid (pxGrid) for ISE integration, instead it uses Structured Threat Information Expression (STIX). STIX is an information exchange language and used to exchange cyber threat intelligence with organizations. It allows a common framework for organizations to share cyber threat information and adapt quicker to computer-based attacks.

Cisco Threat Centric NAC using Cisco AMP for Endpoints in the Cloud also falls into the Rapid Threat Containment category.  Cisco Security Solutions and Ecosystem and CSTA partner solutions that fall into this category use Adaptive Network Control (ANC) mitigation actions to respond to or contain threats by issuing mitigation actions either from pxGrid, ISE EPS RESTful API or STIX. 

Comments
Beginner

I am receiving the following error when trying to register Cisco ISE with Europe AMP cloud.

 
AMP
Errors: 
* Error while trying to register. Please wait 10 minutes before trying again.

Is there a workaround for the listed error above?

Cisco Employee
Hey Maurice,

You are most like likely, hitting this bug: CSCvo76914 - ISE - Update AMP URL in TC-NAC provider, please unicast me your email information. I will check to see if I can get more information on when a fix will be available.
Thanks,
John
jeppich@cisco.com