Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
4
Replies

Query on pxGrid with TACACS?

Go to solution
jogrove
Cisco Employee
Cisco Employee

‎06-13-2018 01:21 AM

In a small ISE deployment used for TACACS only, if it were to be integrated to Stealthwatch using pxGrid what if any useful information would be provided to Stealthwatch?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎06-13-2018 02:00 AM

Not sure if I understand the query !

The use case with stealthwatch is that we have correlation between which endpoint is sending what pattern of traffic and if stealthwatch detects any anomaly, the request is sent to ISE to put the endpoint in quarantine access.

ISE provides context information for the endpoint and ability to control the access for these endpoints.

Hope this helps.


Thanks,

Nidhi

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎06-13-2018 02:00 AM

Not sure if I understand the query !

The use case with stealthwatch is that we have correlation between which endpoint is sending what pattern of traffic and if stealthwatch detects any anomaly, the request is sent to ISE to put the endpoint in quarantine access.

ISE provides context information for the endpoint and ability to control the access for these endpoints.

Hope this helps.


Thanks,

Nidhi

0 Helpful

Go to solution
jogrove
Cisco Employee
Cisco Employee
In response to Nidhi

‎06-13-2018 02:24 AM

Hi Nidhi,

I understand the normal integration, but in this scenario the customer is only using ISE for device administration (TACACS) but their security department wants to integrate it with Stealthwatch which will mean them having to buy a small number of plus licenses. As this deployment is only TACACS I am not convinced they will get any value from the integration and will effectively waste money buying plus licenses. I wanted to understand if there is any value in integrating with Stealthwatch in a TACACS only deployment?

Hope that makes more sense!

Thanks

John

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-13-2018 04:38 AM

Pxgrid is for sharing context visibility information of your user endpoint devices (who what when where how of the user and it’s device) not for devices used for device administration

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-13-2018 04:42 AM

Please keep in mind maybe you can push them towards device user auth with radius and show them that value with their small number of plus licenses

Also they might be able to integrate using passive identity and maybe even easy connect down the road to further enhance the stealthwatch dashboard

0 Helpful
Customers Also Viewed These Support Documents