Cisco Identity Solution Engine (ISE)
Integration Points
Protocol | Information Discovered | Used For |
---|---|---|
Syslog | AAA log - authentication | Security and Compliance |
Event Types
In RESOURCES > Event Types, search for "Cisco-ISE" in the main content panel Search... field to see the event types associated with this device.
Configuration
Configuring Cisco ISE
Follow Cisco ISE documentation to send syslog to FortiSIEM.
Configuring FortiSIEM
FortiSIEM automatically recognizes Cisco ISE syslog as long as it follows the format shown in this sample syslog:
<181>Sep 21 06:50:51 fcmb-hq-psn01 CISE_Passed_Authentications 0000066354 3 0 2016-09-21 06:50:51.516 +01:00 2915312533 5200 NOTICE Passed-Authentication: Authentication succeeded, ConfigVersionId=287, Device IP Address=1.1.1.1, DestinationIPAddress=1.1.1.2, DestinationPort=1812, UserName=00-15-65-20-33-E5, Protocol=Radius, RequestLatency=33, NetworkDeviceName=ACME, User-Name=johndoe, NAS-IP-Address=1.1.1.2, NAS-Port=50009, Service-Type=Call Check, Framed-IP-Address=1.1.1.2, Framed-MTU=1500, Called-Station-ID=38-1C-1A-87-87-09, Calling-Station-ID=00-15-65-20-33-E5, NAS-Port-Type=Ethernet, NAS-Port-Id=FastEthernet0/9, EAP-Key-Name=, cisco-av-pair=service-type=Call Check, cisco-av-pair=audit-session-id=AC1B35F8000001240FC38F8A, OriginalUserName=0015652033e5, AcsSessionID=fcmb-hq-psn01/251903157/22970712, AuthenticationIdentityStore=Internal Endpoints, AuthenticationMethod=Lookup, SelectedAccessService=Default Network Access, SelectedAuthorizationProfiles=IP_Phones,
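To check that a line captured from ISE follows this format, the sample can be parsed as below. This is an added Python example, not Fortinet or Cisco code; the regular expression, the field labels and the comma-splitting rule are assumptions derived from the sample syslog above.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the sample syslog on this page.
SAMPLE = (
    "<181>Sep 21 06:50:51 fcmb-hq-psn01 CISE_Passed_Authentications 0000066354 3 0 "
    "2016-09-21 06:50:51.516 +01:00 2915312533 5200 NOTICE Passed-Authentication: "
    "Authentication succeeded, ConfigVersionId=287, Device IP Address=1.1.1.1, "
    "UserName=00-15-65-20-33-E5, Protocol=Radius, User-Name=johndoe, EAP-Key-Name=, "
    "cisco-av-pair=service-type=Call Check, "
    "cisco-av-pair=audit-session-id=AC1B35F8000001240FC38F8A, "
    "SelectedAuthorizationProfiles=IP_Phones,"
)

# Group names are this example's own labels for the positional header fields.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<syslog_ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<category>CISE_\w+) (?P<msg_id>\d+) (?P<total>\d+) (?P<seq>\d+) "
    r"(?P<event_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) "
    r"(?P<serial>\d+) (?P<code>\d+) (?P<severity>[A-Z]+) (?P<msg_class>[^:]+): "
    r"(?P<body>.*)$"
)

def parse_ise_syslog(line):
    """Return (header, text, attrs), or None if the line does not match the sample format."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    header = m.groupdict()
    body = header.pop("body").rstrip(", ")      # the sample ends with a trailing comma
    text, attrs, last = [], defaultdict(list), None
    for part in body.split(", "):
        key, sep, value = part.partition("=")   # split on the first '=' only
        if sep:
            last = key.strip()
            attrs[last].append(value)           # repeated keys keep every value
        elif last is None:
            text.append(part)                   # free text before the first attribute
        else:
            attrs[last][-1] += ", " + part      # value that itself contained ", "
    return header, ", ".join(text), dict(attrs)
```

A `None` result means the line's header departs from the layout of the sample, which is the first thing to check in the ISE remote logging target settings.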
Access Credentials
For Device Type Cisco Identity Solutions Engine, see Access Credentials.