Cisco Identity Solution Engine (ISE)
- Integration points
- Configuring Cisco ISE
- Configuring FortiSIEM
- Access Credentials
- Parsing and Events
Integration points
Protocol | Information Discovered | Used For |
---|---|---|
Syslog | AAA log - authentication | Security and Compliance |
Configuring Cisco ISE
Follow Cisco ISE documentation to send syslog to FortiSIEM.
Configuring FortiSIEM
FortiSIEM automatically recognizes Cisco ISE syslog as long as it follows the format shown in this sample syslog:
<181>Sep 21 06:50:51 fcmb-hq-psn01 CISE_Passed_Authentications 0000066354 3 0 2016-09-21 06:50:51.516 +01:00 2915312533 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=287, Device IP Address=1.1.1.1, DestinationIPAddress=1.1.1.2, DestinationPort=1812, UserName=00-15-65-20-33-E5, Protocol=Radius, RequestLatency=33, NetworkDeviceName=ACME, User-Name=johndoe, NAS-IP-Address=1.1.1.2, NAS-Port=50009, Service-Type=Call Check, Framed-IP-Address=1.1.1.2, Framed-MTU=1500, Called-Station-ID=38-1C-1A-87-87-09, Calling-Station-ID=00-15-65-20-33-E5, NAS-Port-Type=Ethernet, NAS-Port-Id=FastEthernet0/9, EAP-Key-Name=, cisco-av-pair=service-type=Call Check, cisco-av-pair=audit-session-id=AC1B35F8000001240FC38F8A, OriginalUserName=0015652033e5, AcsSessionID=fcmb-hq-psn01/251903157/22970712, AuthenticationIdentityStore=Internal Endpoints, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=IP_Phones,
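To check that a collected message matches this layout before relying on it for detection, the following added example (not FortiSIEM's parser and not Cisco code) splits the sample into its header fields and attribute pairs. The field names (`msg_id`, `segments`, `segment`, `seq`, `code`, `msg_class`) are labels chosen here for the positions visible in the sample, and the sample string is an abridged copy of the one above.

```python
import re
from collections import defaultdict

# Abridged copy of the sample on this page: some attributes omitted, values unchanged.
SAMPLE = (
    "<181>Sep 21 06:50:51 fcmb-hq-psn01 CISE_Passed_Authentications 0000066354 3 0 "
    "2016-09-21 06:50:51.516 +01:00 2915312533 5200 NOTICE Passed-Authentication: "
    "Authentication succeeded, ConfigVersionId=287, Device IP Address=1.1.1.1, "
    "UserName=00-15-65-20-33-E5, Protocol=Radius, User-Name=johndoe, "
    "NAS-Port-Id=FastEthernet0/9, EAP-Key-Name=, cisco-av-pair=service-type=Call Check, "
    "cisco-av-pair=audit-session-id=AC1B35F8000001240FC38F8A, "
    "AuthenticationMethod=Lookup, SelectedAuthorizationProfiles=IP_Phones,"
)

# Syslog header, then category, message id, segment count and segment index (assumed names).
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<category>CISE_\S+) (?P<msg_id>\d+) (?P<segments>\d+) (?P<segment>\d+) "
    r"(?P<body>.*)$", re.S)
# Leading fields of the body as seen in the sample: local time, sequence, code, severity, class.
FIRST = re.compile(
    r"^(?P<local_ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ [+-]\d\d:\d\d) (?P<seq>\d+) "
    r"(?P<code>\d+) (?P<severity>[A-Z]+) (?P<msg_class>[^:]+): (?P<rest>.*)$", re.S)

def parse_ise(line):
    m = HEADER.match(line.strip())
    if not m:
        return None                      # not in the format shown on this page
    ev = m.groupdict()
    body = ev.pop("body")
    ev["facility"], ev["syslog_severity"] = divmod(int(ev.pop("pri")), 8)
    f = FIRST.match(body)
    if f:                                # body starts with the message header fields
        ev.update(f.groupdict())
        body = ev.pop("rest")
    attrs = defaultdict(list)
    text = []
    for part in body.split(", "):        # limitation: a value containing ", " is split
        part = part.strip().rstrip(",")  # the sample ends with a trailing comma
        key, sep, value = part.partition("=")   # first '=' only: values may contain '='
        if sep:
            attrs[key].append(value)     # repeated keys (cisco-av-pair) keep every value
        elif part:
            text.append(part)            # free text such as "Authentication succeeded"
    ev["text"] = ", ".join(text)
    ev["attrs"] = dict(attrs)
    return ev
```

Note that the sample carries both `UserName` (the endpoint MAC address) and `User-Name`, so a correlation rule should name the attribute it means.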
Access Credentials
For Device Type Cisco Identity Solutions Engine, see Access Credentials.
Parsing and Events
Over 20 events are parsed. To see them, go to Resources > Event Types and search for 'Cisco-ISE'.