Support for ISE connector for Arcsight

mstangal
Cisco Employee

Hi all,

Together with the customer we are working on the integration between ISE and ArcSight. We are in touch with the Microfocus account team and they are keen to develop a custom connector for ISE, but they are asking us for some detailed info about our logs.
They would need a complete description of every field available in our logs and a bunch of logs they could use to test the connector.

Can we help them?

Best regards,
Marco

1 Accepted Solution

Product Announcement: ArcSight SmartConnector Build 6.0.7.6901 is now available for downlo... - Micro Focus SW Community

MicroFocus should be aware of this integration.  As you can see, the specific announcement above is from their Community.

It should work fine and was initially tested with ISE 1.2, but we do not test every subsequent release of ISE with every subsequent version of the 3rd-party vendor's connector/product, so we recommend validating with your specific combination.

Craig

7 Replies

Craig Hyps
Level 10

ArcSight already has integration with ISE in SmartConnector Release 6.0.7.6901.

Is SmartConnector an ArcSight product?

Does it work with every ISE release? We need the latest because it’s a DNA project.

Thanks

Marco

---

Marco Stangalino

On 15 Feb 2018, at 19:46, chyps <community@cisco.com> wrote:

Product Announcement: ArcSight SmartConnector Build 6.0.7.6901 is now available for downlo... - Micro Focus SW Community

MicroFocus should be aware of this integration.  As you can see, the specific announcement above is from their Community.

It should work fine and was initially tested with ISE 1.2, but we do not test every subsequent release of ISE with every subsequent version of the 3rd-party vendor's connector/product, so we recommend validating with your specific combination.

Craig

Hi Craig,

I’ve shared the info with the customer and they confirm it’s a good starting point. But they are going to install the latest release of ISE (2.3 or even 2.4) because we are working on a full Fabric project requiring the integration of DNA-C and Stealthwatch 6.10.

They would then need to know all the differences that we have introduced from 1.3 to now to let them build an updated version of the connector. If you are available we could also arrange a quick call between us, the customer and Microfocus to better clarify their needs.

Thanks,

Marco

I posted the message catalog for ISE 2.1 - 2.3 to Community last month.  See: ISE 2.3 Logging Message Catalog

Message catalogs for older versions are posted to ISE docs here: Cisco Identity Services Engine - Error and System Messages - Cisco

We do not publish deltas, but expect the 2.3 catalog to be a superset. Existing parsers provided in ArcSight SmartConnector should work with ISE 2.3. You could also perform a diff, or simply check for net-new message IDs to determine what has been added since 1.3.

I highly recommend setting up ISE 2.3 in a lab and testing with ArcSight to validate expected/desired behavior.

Regards,

Craig
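
The net-new message ID check suggested in the reply above, as an added example that is not part of the original thread or of Cisco's or Micro Focus's tooling. It assumes each catalog has been exported to CSV with hypothetical `code`, `severity` and `text` columns; the sample rows are constructed and are not real ISE messages.

```python
import csv
import io

# Constructed sample exports. Column names and rows are assumptions for
# illustration, not content from the real ISE message catalogs.
OLD_CATALOG = """code,severity,text
10001,INFO,Sample authentication passed
10002,WARN,Sample authentication failed
10003,INFO,Sample accounting start
"""
NEW_CATALOG = """code,severity,text
10001,INFO,Sample authentication passed
10002,ERROR,Sample authentication failed
10004,INFO,Sample profiler event
 10005 ,INFO,Sample posture event
"""


def load_catalog(csv_text):
    """Return {message_id: (severity, text)} with whitespace normalised."""
    catalog = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        code = (row.get("code") or "").strip()
        if not code:
            continue  # skip blank or malformed rows
        severity = (row.get("severity") or "").strip()
        text = (row.get("text") or "").strip()
        catalog[code] = (severity, text)
    return catalog


def diff_catalogs(old, new):
    """Classify message IDs between two releases.

    added   -> IDs the connector has never seen (need new parser mappings)
    removed -> IDs missing from the newer catalog (superset check fails)
    changed -> same ID, different severity or text (existing mapping to review)
    """
    shared = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(c for c in shared if old[c] != new[c]),
    }


if __name__ == "__main__":
    old, new = load_catalog(OLD_CATALOG), load_catalog(NEW_CATALOG)
    for kind, codes in diff_catalogs(old, new).items():
        for code in codes:
            print(kind.upper(), code, *(new.get(code) or old[code]))
```

A non-empty `removed` list means the newer catalog is not a strict superset, so parser rules keyed on those IDs should be checked before relying on the existing connector.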

Hi Craig,

Thanks a lot. I’ve shared the documents with Microfocus and they are perfect to customise the connector. They are also asking us if we already have a bunch of “real” logs they can use to test the connector in a pseudo real life. The reason is that a PoC installation of ISE would be quite silent while they would like to parse as many real logs as possible.

Thanks,

Marco

I am not aware of a library of sample logs. Certainly samples would be function specific.  I recommend they review the net-new features they plan to use and begin performing proof-of-concept testing to both validate new features they plan to enable, as well as trigger related events.
