Cisco ISE Attribute Reference
This reference lists the attributes that Device Security collects from Cisco ISE,
their names as stored in Device Security, and the Device Security fields they map to.
When Device Security integrates with Cisco ISE, it imports network
access control data to support policy enforcement. The attributes in this reference
cover endpoint records, ERS (Endpoint Registration Service) attributes, and active
session data.
The third-party attribute name in Device Security is the attribute name
as it appears in the Assets Inventory table and in Query Engine. It follows the format
third-party-name.attribute-name.
In the Assets Inventory table column selector and on a Device Details page, the
third-party name appears as a header for the attributes section, so it is removed
from the attribute name.
For example, microsoft_defender_xdr.macAddress would appear in the
Query Builder and in the Assets Inventory table, but under , the attribute would appear as macAddress.
Endpoint Attributes
Device Security collects endpoint attributes from the Cisco ISE Open API endpoints. Each record describes a network endpoint registered and profiled by Cisco ISE.
The following table lists each Cisco ISE attribute, its name as stored
in Device Security, and the Device Security field it maps to (if applicable).
Cisco ISE Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
assetConnectedLinks | cisco_ise.assetConnectedLinks | — | Asset connected links |
assetDeviceType | cisco_ise.assetDeviceType | — | Asset device type |
assetId | cisco_ise.assetId | — | Asset ID |
assetIpAddress | cisco_ise.assetIpAddress | — | Asset IP address |
assetName | cisco_ise.assetName | — | Asset name |
assetProductId | cisco_ise.assetProductId | — | Asset product ID |
assetProtocol | cisco_ise.assetProtocol | — | Asset protocol |
assetSerialNumber | cisco_ise.assetSerialNumber | — | Asset serial number |
assetSwRevision | cisco_ise.assetSwRevision | — | Asset software revision |
assetVendor | cisco_ise.assetVendor | — | Asset vendor |
customAttributes | cisco_ise.customAttributes | — | Custom attributes |
description | cisco_ise.description | Description | Description |
deviceType | cisco_ise.deviceType | — | Device type |
groupId | cisco_ise.groupId | — | Group ID |
hardwareRevision | cisco_ise.hardwareRevision | — | Hardware revision |
identityStore | cisco_ise.identityStore | — | Identity store |
identityStoreId | cisco_ise.identityStoreId | — | Identity store ID |
ipAddress | cisco_ise.ipAddress | ipv4_address | IP address |
mac | cisco_ise.mac | MAC; id | MAC address |
mdmAttributes | cisco_ise.mdmAttributes | — | MDM attributes |
name | cisco_ise.name | Hostname | Name |
portalUser | cisco_ise.portalUser | — | Portal user |
productId | cisco_ise.productId | — | Product ID |
profileId | cisco_ise.profileId | — | Profile ID |
protocol | cisco_ise.protocol | — | Protocol |
serialNumber | — | Serial Number | Serial number |
softwareRevision | cisco_ise.softwareRevision | — | Software revision |
staticGroupAssignment | cisco_ise.staticGroupAssignment | — | Static group assignment |
staticProfileAssignment | cisco_ise.staticProfileAssignment | — | Static profile assignment |
vendor | cisco_ise.vendor | Vendor | Vendor |
ERS (Endpoint Registration Service) Attributes
Device Security collects endpoint registration attributes from the Cisco ISE Endpoint Registration Service (ERS) API. Each record contains detailed endpoint configuration and registration data.
The following table lists each Cisco ISE attribute, its name as stored
in Device Security, and the Device Security field it maps to (if applicable).
Cisco ISE Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
mac | cisco_ise.mac | id | MAC address |
Session Attributes
Device Security collects session attributes from the Cisco ISE session API. Each record describes an active or recent authentication session for a network endpoint.
The following table lists each Cisco ISE attribute, its name as stored
in Device Security, and the Device Security field it maps to (if applicable).
Cisco ISE Attribute | Device Security Attribute Name | Device Security Common Attribute* | Description |
acs_server | cisco_ise.acs_server | — | ACS server |
auth_acs_timestamp | cisco_ise.auth_acs_timestamp | — | ACS authentication timestamp |
auth_id | cisco_ise.auth_id | — | Authentication ID |
authentication_method | cisco_ise.authentication_method | — | Authentication method |
authentication_protocol | cisco_ise.authentication_protocol | — | Authentication protocol |
calling_station_id | cisco_ise.calling_station_id | — | Calling station ID |
destination_ip_address | cisco_ise.destination_ip_address | — | Destination IP address |
device_ip_address | cisco_ise.device_ip_address | ipv4_address | Device IP address |
device_type | cisco_ise.device_type | — | Device type |
endpoint_policy | cisco_ise.endpoint_policy | — | Endpoint policy |
identity_store | cisco_ise.identity_store | — | Identity store |
location | cisco_ise.location | — | Location |
network_device_name | cisco_ise.network_device_name | — | Network device name |
orig_calling_station_id | — | id | Original calling station ID |
posture_status | cisco_ise.posture_status | — | Posture status |
selected_azn_profiles | cisco_ise.selected_azn_profiles | — | Selected authorization profiles |
user_name | cisco_ise.user_name | — | Username |
* Only some attributes map to a Device Security Common Attribute.