Set up Cisco ISE to Identify IoT Devices
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Set up Cisco ISE to Identify IoT Devices
Integrate IoT Security with Cisco ISE to identify IoT
devices for VLAN segmentation.
To send IoT device data to ISE, configure
the following on your Cisco ISE system:
- Enable External RESTful Services (ERS) with read/write permission
- Create an ERS admin user account that the XSOAR engine will use to authenticate itself to ISE when sending it data
- Create custom endpoint attributes for the IoT device data IoT Security sends
Cisco ISE configuration
instructions are based on Cisco Identity Services Engine version
2.4.
- Enable External RESTful Services.Log in to the Cisco Identity Services Engine management interface, click, selectAdministrationSystemSettingsERS SettingsEnable ERS for Read/Writein the ERS Setting for Primary Administration Node section, and then clickSave.The setting in ERS Setting for All Other Nodes is not relevant to IoT Security integration.
- Create an ERS admin account.
- Clickand then clickAdministrationSystemAdmin AccessAdministratorsAdmin Users.AddCreate an Admin User
- Enter the following on the New Administrator page and leave the other settings as they are:Name: Enter a name for the admin user account. This is the account that the XSOAR engine will use when making an HTTPS connection to the Cisco ISE system.Status:EnabledPasswordandRe-Enter Password: Enter a password for the admin user account.Admin Groups:ERS Admin(This is a predefined admin group.)
- Submitthe configuration.
- Create custom IoT Security attributes.
- Click, enterAdministrationIdentity ManagementSettingsEndpoint Custom AttributesPanwIoTProfilein the Attribute name field, chooseStringfrom the Type drop-down list, and then clickSave.If you want to enter a different attribute name for the profile here, change the attribute name for the profile in Cortex XSOAR so they match each other. Similarly, if you customize any other attribute names in ISE, change the default names for their corresponding attributes in XSOAR. The attribute names are editable in the incremental and bulk export job settings for Cisco ISE in the Cortex XSOAR module. See Configure IoT Security and Cortex XSOAR.
- Add the more endpoint custom attributes, such as the following:PanwIoTProfile, PanwIoTIP, PanwIoTCategory, PanwIoTRiskScore, PanwIoTConfidence, PanwIoTTag, PanwIoTHostname, PanwIoTOS, PanwIoTModel, PanwIoTVendor, PanwIoTSerial, PanwIoTEPP, PanwIoTInternetAccess, PanwIoTAET
- Continue adding more custom endpoint attributes to ISE with names that match the attributes that IoT Security sends through Cortex XSOAR.
- When done,Savethe configuration.
Example: Assign VLANs by Device Type
Segmenting, or microsegmenting, your network
into VLANs by device type creates barriers that can thwart intruders
from moving laterally and slow down their reconnaissance efforts,
giving yourself more time to discover and respond to the intrusion.
IoT Security can assist in microsegmentation by coordinating with
Cisco ISE. IoT Security formulates IoT device profiles and then shares
them with ISE so that it can assign devices to VLANs based on these profiles.
- Download a list of IoT device profiles.
- In the IoT Security profile, clickProfiles, optionally apply filters to display the device profiles you want to use, select them all by selecting the check box in the heading column, and then clickDownload.
- Save the downloaded .csv file and open it so you can copy IoT device profile names and paste them into the Cisco ISE interface.
- Log in to Cisco ISE and create a condition for an exception rule.
- Click, enter the following in Editor:PolicyPolicy ElementsConditionsLibrary ConditionsClick to add an attribute:EndpointsPanwIoTProfileOperator:EqualsAttribute value: Paste the IoT device profile name.
- Savethe configuration.
- In the Save condition dialog box, selectSave as a new Library Condition, paste the profile name in the Condition Name field, and thenSavethe condition.The name of a library condition can contain letters, numbers, hyphens, underscores, periods, and spaces. If the IoT device profile name has any other characters such as parentheses, either remove or replace them with characters that are supported.
- Repeat these steps for all the other IoT device profiles.
- Create authorization profiles that allow IoT devices to access the network, permit them to send and receive network traffic, and associate their device profiles with unique VLAN IDs.
- Clickand then clickPolicyPolicy ElementsResultsAuthorizationAuthorization ProfilesAdd.
- Enter settings like those described below and leave the other settings at their default values:Name: Enter a name for the authorization profile; for example,Crestron Touch Screen Device.Access Type:ACCESS_ACCEPTDACL Name:PERMIT_ALL_TRAFFICVLAN: (select); Tag ID: 1;ID/Name:2001, where 2001 is the ID number of the VLAN to which you want to assign all Crestron touch screen devices.
- Submitthe settings.
- Repeat these steps to create authorization profiles that assign each IoT device profile to a unique VLAN.
- Create authorization policy exception rules to assign devices to VLANs based on IoT device profile data.
- Clickand then click thePolicyPolicy SetsArrowicon (>) to modify your existing policy set.
- ExpandAuthorization Policy - Local Exceptions, click thePlusicon (+) to add an exception rule, and then click thePlusicon (+) to add a condition.
- Click-drag one of the conditions you created from the Library into the Editor and then clickUse.
- In Results-Profiles, choose the authorization profile you created for this condition.
- Repeat these steps to add more exception rules. When devices with these IoT device profiles join the network and request access permission from Cisco ISE, ISE will automatically assign them to appropriate VLANs.
- When done,Savethe configuration.