cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18229
Views
19
Helpful
1
Comments
jeppich
Cisco Employee
Cisco Employee

This document is for Cisco Engineers and customers deploying Cisco Stealthwatch 6.9 with Cisco Identity Service Engine (ISE 2.2 using Cisco platform Exchange Grid (pxGrid).   The reader should have some similarity with ISE and Cisco Stealthwatch and pxGrid.

Cisco Stealthwatch 6.9 no longer requires syslog information for obtaining contextual information, instead pxGrid is used.  The Cisco Stealthwatch Management Console will register as a pxGrid client and subscribe the ISE pxGrid node Session Directory topic to obtain the contextual information.

ISE 2.2 features an internal Certificate Authority (CA) for deploying pxGrid certificates. These pxGrid client certificates can be generated from ISE in either PEM or PKCS12 formats and imported into the Stealthwatch SSL Client store and ISE internal CA root certificate imported into the Stealthwatch CA store.  Additionally, certificates can be generated based on the Certificate Signing Requests (CSR).  These scenarios will be covered in this document.

This document starts using the preferred method of using the ISE 2.2 Internal CA for deploying pxGrid and Stealthwatch 6.9 using PKCS12 certificate format and then covers an external CA server deployment.

Self-signed certificate deployments and other ISE 2.2 internal CA configurations are covered under the Other Configurations Section.

Comments
toyip
Cisco Employee
Cisco Employee

One thing I ran into which was not mentioned anywhere in the document is that the ISE-Client docker service in the Stealthwatch Management Console (SMC) stopped running which disconnected the pXgrid connection between ISE and the SMC. So be sure the ISE-Client docker service is running in the Stealthwatch Management Console (SMC). It is a show stopper!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: