Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
11983
Views
16
Helpful
4
Comments

McAfee DXL and Cisco pxGrid Integration

jeppich
Cisco Employee
Cisco Employee

on ‎12-05-2017 07:06 PM - edited on ‎02-03-2021 08:53 AM by Cisco Employee

Feb 2021 - please note this is on older pxGrid 1.0 technology. Vendors should be moving to pxGrid 2.0 and ISE 2.7 as latest recommended release.

pxGrid 1.0 will be going away and is only in maintenance mode as of ISE 3.0

This document should be archived eventually as no longer recommended

 

This document is for Cisco Engineers, McAfee Engineers, partners and customers deploying McAfee Data Exchange Layer (DXL) Broker 4.0., McAfee ePolicy Orchestrator (ePO 5.9) with Cisco Platform Exchange Grid (pxGrid) using Cisco Identity Services Engine (ISE 2.3).

This document illustrates the steps required to configure the use cases below. This document also includes the following use cases:

n An Eicar Virus is detected on the endpoint, McAfee ePO generates an automated response where the McAfee DXL broker triggers an ISE pxGrid Adaptive Network Control (ANC) mitigation action, quarantining the endpoint in ISE.

This is a basic use case and illustrates the integration between McAfee DXL broker and Cisco ISE pxGrid node.

n The McAfee DXL broker python client receives ISE ANC “quarantined policy” notifications through Cisco pxGrid and McAfee ePO assigns a policy tag of “quarantined” to the endpoint when a violation in the ISE ANC policy occurs. Once this endpoint has been tagged by McAfee ePO, McAfee ePO can take manual action as defied by the McAfee ePO admin.

This use case is more advanced and is optional.

n The endpoint does not have the McAfee agent installed, ISE posture will detect this, and deem the endpoint non-compliant. A remediation link will be provided to the end-user via ePO to download and install the application. Once ISE detects that the McAfee ePO is installed, the endpoint is now compliant and granted full network access.

This use case is more advanced and is optional

n An employee-owned laptop goes through the organization’s on-boarding process to satisfy the organization’s BYOD initiative. The EPO admin can then install on the endpoint centrally or manually by the by the end- user.

This use case is more advanced and is optional

 

Preview file
22689 KB
Comments
Troja007
Cisco Employee
Cisco Employee
‎08-26-2018 11:35 PM

Here is the link to McAfee´s solution brief. 
https://www.mcafee.com/enterprise/en-us/assets/solution-briefs/sb-cisco-dxl.pdf

Cheers

 

 

probert2
Cisco Employee
Cisco Employee
‎02-03-2021 06:56 AM

is this still a valid/current integration ? - assuming yes, any newer docs on this please ?

Jason Kunst
Cisco Employee
Cisco Employee
‎02-03-2021 08:46 AM
Please reach out to the vendor to provide any updates on this. The docs will be provided by them. If you hear anything let us know. Last I spoke with them they were running pxGrid 1.0 on ISE 2.1. they will need to move to ISE 2.4+ higher support with pxGrid 2.0
Blackhawk1278
Level 1
Level 1
‎10-26-2021 11:19 AM

In case anyone else is wondering I looked up whether Mcafee is supporting pxgrid 2.0 and found this article

https://kc.mcafee.com/corporate/index?page=content&id=KB89737

Hope that helps

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents