Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
7723
Views
2
Helpful
2
Comments

How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology

jeppich
Cisco Employee
Cisco Employee

on ‎09-14-2016 05:07 PM

This document is for Cisco Engineers and customers deploying Cisco Threat Centric NAC using Cisco Advanced Malware Protection (AMP) for Endpoints in the Cloud (FireAMP v5.3.2016072523 or greater) with Cisco Identity Services Engine (ISE) 2.1.   ISE needs an APEX license for the ability to subscribe to the Cloud AMP for Endpoints.

Cisco AMP for Endpoint integration does not use Cisco platform Exchange Grid (pxGrid) for ISE integration, instead it uses Structured Threat Information Expression (STIX). STIX is an information exchange language and used to exchange cyber threat intelligence with organizations. It allows a common framework for organizations to share cyber threat information and adapt quicker to computer-based attacks.

Cisco Threat Centric NAC using Cisco AMP for Endpoints in the Cloud also falls into the Rapid Threat Containment category.  Cisco Security Solutions and Ecosystem and CSTA partner solutions that fall into this category use Adaptive Network Control (ANC) mitigation actions to respond to or contain threats by issuing mitigation actions either from pxGrid, ISE EPS RESTful API or STIX. 

Preview file
5398 KB
Comments
Maurice Ball
Level 3
Level 3
‎05-02-2019 11:21 AM

I am receiving the following error when trying to register Cisco ISE with Europe AMP cloud.

 
AMP
Errors: 
* Error while trying to register. Please wait 10 minutes before trying again.

Is there a workaround for the listed error above?

jeppich
Cisco Employee
Cisco Employee
‎05-02-2019 01:35 PM
Hey Maurice,

You are most like likely, hitting this bug: CSCvo76914 - ISE - Update AMP URL in TC-NAC provider, please unicast me your email information. I will check to see if I can get more information on when a fix will be available.
Thanks,
John
jeppich@cisco.com

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents