Cisco ISE
Cisco Identity Services Engine (ISE) is a security policy management and control platform that enables enterprises to automate and enforce security policies across their wired, wireless, and VPN networks. It's designed to provide comprehensive, identity-based access control and security compliance for devices and users on a network.
- Installation
- Data Model
Installation
Configuration in Cisco ISE Platform
-
Navigate to the Cisco ISE Dashboard
-
Click on menú icon located in the top left corner.
-
Under "System", click on "Settings".
-
In the left bar, search for API settings.
-
Under API Settings -> API Service Settings -> API Service Settings for Primary Administration Node, you should enable "Open API (Read/Write)".
Required Permissions in Cisco ISE
The user account must have read-only access to the ERS (External RESTful Services) API:
- API Access: Open API must be enabled on the Primary Administration Node
- User Role: The account should be assigned an Admin role with at least Read-Only permissions
- Required API Access:
- Network Devices (
/ers/config/networkdevice) - to retrieve network device configurations - Network Device Groups (
/ers/config/networkdevicegroup) - to retrieve device groupings
- Network Devices (
The integration uses HTTP Basic authentication over HTTPS and accesses the ERS API endpoints. No write or modification permissions are required.
Configuration in JupiterOne
To install the Cisco ISE integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Cisco ISE. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
-
PAN URL: your PAN URL of the Primary Administration Node's address in a Cisco ISE deployment. Please do not include the http protocol (Ex: devnetsandbox.cisco.com). If you are using an non-standard port you can include it at the end of the url (Ex: devnetsandbox.cisco.com:9060)
-
Username: the username used for authentication.
-
Password: the password used for authentication.
-
The Account Name used to identify the Cisco ISE account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled. -
Description to assist in identifying the integration instance, if desired.
-
Data Source Settigns: here you will be able to customize the steps to be ingested. If desired, specific steps can be enabled/disabled from here.
-
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | cisco_ise_account | Account |
| Network Device | cisco_ise_network_device | NetworkEndpoint |
| Network Device Group | cisco_ise_network_device_group | Group |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
cisco_ise_network_device_group | HAS | cisco_ise_network_device |