Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
1
Replies

AMP and McAfee - Response

Go to solution
Jason Maynard
Cisco Employee
Cisco Employee

‎06-14-2018 09:53 PM

Hi Folks,

Looking for confirmation -

  • When leveraging eAMP and integration with ISE. If the asset once authenticated using 802.1x is found at any point to be classified as catastrophic does ISE automated the response using COA - EX: moves the asset into a quarantined VLAN and adds a DACL - this could also assign an SGT but is not required... or is this a manual action one has to take.

  • When leveraging McAfee and DXL and integration with ISE. If the asset once authenticated using 802.1x is found at any point to be classified as catastrophic does ISE automated the response using COA - EX: moves the asset into a quarantined VLAN and adds a DACL - this could also assign an SGT but is not required... or is this a manual action one has to take.

Thanks,

Jason

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎06-15-2018 06:31 AM

Hi Jason,

with AMP, the CoA action is manual. but if ISE is integration with FMC, this will be automatic.

regarding integration with DXL, there are couple of use cases. you can refer to the link here to understand the mitigation action - McAfee DXL and Cisco pxGrid Integration

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎06-15-2018 06:31 AM

Hi Jason,

with AMP, the CoA action is manual. but if ISE is integration with FMC, this will be automatic.

regarding integration with DXL, there are couple of use cases. you can refer to the link here to understand the mitigation action - McAfee DXL and Cisco pxGrid Integration

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents