About the connector

Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The purpose is to simplify identity management across diverse devices and applications.

This document provides information about the Cisco ISE connector, which facilitates automated interactions with a Cisco ISE server using FortiSOAR™ playbooks. Add the Cisco ISE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as quarantining and un-quarantining IP addresses on Cisco ISE and retrieving a list of all active sessions from Cisco ISE.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-cisco-ise

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the Cisco ISE server to which you will connect and perform automated operations, and the credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the connectors page, select the Cisco ISE connector and click Configure to configure the following parameters:

Parameter | Description
Server URL | IP address or FQDN of the Cisco ISE server to which you will connect and perform the automated operations.
Username | Username to access the Cisco ISE server to which you will connect and perform the automated operations.
Password | Password to access the Cisco ISE server to which you will connect and perform the automated operations.
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function | Description | Annotation | Category
List All Active Sessions | Retrieves a list of all active sessions from Cisco ISE. | list_active_sessions | Investigation
IP Address Quarantine | Quarantines an IP address that you have specified on Cisco ISE. | quarantine_ip | Containment
MAC Address Quarantine | Quarantines a MAC address that you have specified on Cisco ISE. | quarantine_mac | Containment
IP Address Un-Quarantine | Removes an IP address that you have specified from the quarantine list on Cisco ISE. | unquarantine_ip | Containment
MAC Address Un-Quarantine | Removes a MAC address that you have specified from the quarantine list on Cisco ISE. | unquarantine_mac | Containment
End a target MAC address's session | Ends a session of the MAC address that you have specified on Cisco ISE. | end_session | Miscellaneous
MAC Address Log Out | Logs off a session of the MAC address that you have specified on Cisco ISE. | logoff_session | Miscellaneous

operation: List All Active Sessions

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: IP Address Quarantine

Input parameters

Parameter | Description
Target IP Address | Specify the IP address of the device to quarantine.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: MAC Address Quarantine

Input parameters

Parameter | Description
Target MAC Address | Specify the MAC address of the device to quarantine.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: IP Address Un-Quarantine

Input parameters

Parameter | Description
Target IP Address | Specify the IP address of the device to un-quarantine.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: MAC Address Un-Quarantine

Input parameters

Parameter | Description
Target MAC Address | Specify the MAC address of the device to un-quarantine.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: End a target MAC address session

Input parameters

Parameter | Description
Target MAC Address | Specify the MAC address whose session is to be ended.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: MAC Address Log Out

Input parameters

Parameter | Description
Target MAC Address | Specify the MAC address to log out.
Target Server Address | Specify the server address to log out the target machine.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}
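
The containment operations above act on whatever IP or MAC address a playbook passes in, so it is worth validating the target before that step runs. The following Python sketch is an added example, not part of the connector or of Fortinet's code: the function names, the protected-asset lists, and the colon-separated uppercase MAC form are assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress
import re

# Constructed placeholders: assets that automated containment must never touch
# (for example the ISE nodes, DNS servers, or the FortiSOAR host itself).
PROTECTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/28")]
PROTECTED_MACS = {"00:11:22:33:44:55"}

# Accepts aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff and aabbccddeeff.
_MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}|[0-9a-f]{12})$",
    re.IGNORECASE,
)


class TargetRejected(ValueError):
    """Raised when a target must not be passed to a containment step."""


def check_ip_target(value):
    """Return the canonical IP string, or raise TargetRejected."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError as exc:
        raise TargetRejected(f"not an IP address: {value!r}") from exc
    if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
        raise TargetRejected(f"not a host address: {ip}")
    if any(ip in net for net in PROTECTED_NETWORKS):
        raise TargetRejected(f"protected asset: {ip}")
    return str(ip)


def check_mac_target(value):
    """Return the MAC as AA:BB:CC:DD:EE:FF (assumed form), or raise."""
    raw = value.strip()
    if not _MAC_RE.match(raw):
        raise TargetRejected(f"not a MAC address: {value!r}")
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).upper()
    mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    if mac in PROTECTED_MACS:
        raise TargetRejected(f"protected asset: {mac}")
    return mac


def response_has_documented_shape(resp):
    """True if resp has the request_status and result keys shown above."""
    return (isinstance(resp, dict) and "request_status" in resp
            and isinstance(resp.get("result"), dict))
```

A playbook can call the matching check before a quarantine step and route a `TargetRejected` error to manual review instead of containment.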

Included playbooks

The Sample - Cisco ISE - 1.0.0 playbook collection comes bundled with the Cisco ISE connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ISE connector.

  • End a target MAC address session
  • IP Address Quarantine
  • IP Address Un-Quarantine
  • List All Active Sessions
  • MAC Address Log Out
  • MAC Address Quarantine
  • MAC Address Un-Quarantine

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.

 
