Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Cisco Identity Solution Engine (ISE)

Integration Points

Protocol Information Discovered Used For
Syslog AAA log - authentication Security and Compliance

Event Types

In RESOURCES > Event Types, search for "Cisco-ISE" in the main content panel Search... field to see the event types associated with this device.

Configuration

Configuring Cisco ISE

Follow Cisco ISE documentation to send syslog to FortiSIEM.

Configuring FortiSIEM

FortiSIEM automatically recognizes Cisco ISE syslog as long it follows the following format as shown in the sample syslog:

<181>Sep 21 06:50:51 fcmb-hq-psn01 CISE_Passed_Authentications 0000066354 3 0 2016-09-21 06:50:51.516 +01:00 2915312533 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=287, Device IP Address=1.1.1.1, DestinationIPAddress=1.1.1.2, DestinationPort=1812, UserName=00-15-65-20-33-E5, Protocol=Radius, RequestLatency=33, NetworkDeviceName=ACME, User-Name=johndoe, NAS-IP-Address=1.1.1.2, NAS-Port=50009, Service-Type=Call Check, Framed-IP-Address=1.1.1.2, Framed-MTU=1500, Called-Station-ID=38-1C-1A-87-87-09, Calling-Station-ID=00-15-65-20-33-E5, NAS-Port-Type=Ethernet, NAS-Port-Id=FastEthernet0/9, EAP-Key-Name=, cisco-av-pair=service-type=Call Check, cisco-av-pair=audit-session-id=AC1B35F8000001240FC38F8A, OriginalUserName=0015652033e5, AcsSessionID=fcmb-hq-psn01/251903157/22970712, AuthenticationIdentityStore=Internal Endpoints, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=IP_Phones,

Access Credentials

For Device Type Cisco Identity Solutions Engine, see Access Credentials.

Cisco Identity Solution Engine (ISE)

Integration Points

Protocol Information Discovered Used For
Syslog AAA log - authentication Security and Compliance

Event Types

In RESOURCES > Event Types, search for "Cisco-ISE" in the main content panel Search... field to see the event types associated with this device.

Configuration

Configuring Cisco ISE

Follow Cisco ISE documentation to send syslog to FortiSIEM.

Configuring FortiSIEM

FortiSIEM automatically recognizes Cisco ISE syslog as long it follows the following format as shown in the sample syslog:

<181>Sep 21 06:50:51 fcmb-hq-psn01 CISE_Passed_Authentications 0000066354 3 0 2016-09-21 06:50:51.516 +01:00 2915312533 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=287, Device IP Address=1.1.1.1, DestinationIPAddress=1.1.1.2, DestinationPort=1812, UserName=00-15-65-20-33-E5, Protocol=Radius, RequestLatency=33, NetworkDeviceName=ACME, User-Name=johndoe, NAS-IP-Address=1.1.1.2, NAS-Port=50009, Service-Type=Call Check, Framed-IP-Address=1.1.1.2, Framed-MTU=1500, Called-Station-ID=38-1C-1A-87-87-09, Calling-Station-ID=00-15-65-20-33-E5, NAS-Port-Type=Ethernet, NAS-Port-Id=FastEthernet0/9, EAP-Key-Name=, cisco-av-pair=service-type=Call Check, cisco-av-pair=audit-session-id=AC1B35F8000001240FC38F8A, OriginalUserName=0015652033e5, AcsSessionID=fcmb-hq-psn01/251903157/22970712, AuthenticationIdentityStore=Internal Endpoints, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=IP_Phones,

Access Credentials

For Device Type Cisco Identity Solutions Engine, see Access Credentials.