Use the IoT Security integration with Cisco ISE pxGrid
to quarantine IoT devices of concern.
As an IoT Security user, you can selectively
quarantine devices through Cisco ISE pxGrid. In short, ISE quarantines
impacted devices by applying a policy that IoT Security generates
in one of its exception rules.
Let’s say you want to quarantine
a device because you saw an alert that concerns you. In the IoT
Security portal, use the
Quarantine via Cisco pxGrid
IoT Security sends a quarantine command through Cortex XSOAR, the
XSOAR engine, and pxGrid to ISE.
In response, ISE sends a
Disconnect-Request message to the switch through which the impacted
device accesses the network and disconnects it. When the device reconnects,
ISE checks the quarantine policy it received from IoT Security,
finds that it applies to the device requesting access, and assigns
it to a quarantine VLAN. The device remains in quarantine while
you investigate the cause of the alert. Once it’s resolved, you
can then use the Release via Cisco pxGrid option to return the device to
its regularly assigned VLAN.