Full Cisco Secure Network Analytics Appliances Deployment and Integration with Cisco ISE using pxGrid for ANC and Automatic Response.
I have finished writing a complete guide to Cisco Secure Network Analytics deployment, covering all components and appliances, plus integration with Cisco ISE for ANC and Automatic Response / Quarantine. It also includes some troubleshooting scenarios for the digital certificates used in pxGrid communication.
The document is organized as follows:
- Deploy the Cisco Secure Network Analytics appliances from scratch:
  - SMC Console
  - Flow Collector
  - Cisco Telemetry Broker (Manager Node and Broker Node)
  - Flow Sensor
  - DataStore
- Integrate Cisco Secure Network Analytics with Cisco ISE for user session sharing and ANC:
  - Digital certificates for pxGrid communication.
  - Troubleshooting digital certificate issues.
  - Generate new ISE CA-provisioned certificates (a Root CA certificate and a Node CA certificate) for pxGrid when the old ones have expired in your existing deployment.
  - Configure ANC (Adaptive Network Control) for Rapid Threat Containment (RTC).
  - Configure Global Exceptions and Local Exceptions authorization policies to override all authorization policies.
  - Configure Automatic Response and quarantine when an alarm is raised on Cisco SMC.