About the connector
Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The purpose is to simplify identity management across diverse devices and applications.
This document provides information about the Cisco ISE connector, which facilitates automated interactions, with a Cisco ISE server using FortiSOAR™ playbooks. Add the Cisco ISE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as quarantining and un-quarantining IP addresses on Cisco ISE and retrieving a list of all active sessions from Cisco ISE.
Version information
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
Installing the connector
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-cisco-ise
For the detailed procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must have the URL of Cisco ISE server to which you will connect and perform automated operations and credentials to access that server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the connectors page, select the Cisco ISE connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Server URL |
IP address or FQDN of the Cisco ISE server to which you will connect and perform the automated operations. |
| Username |
Username to access the Cisco ISE to which you will connect and perform the automated operations. |
| Password |
Password to access the Cisco ISE server to which you will connect and perform the automated operations. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| List All Active Sessions |
Retrieves a list of all active sessions from Cisco ISE. |
list_active_sessions
Investigation |
| IP Address Quarantine |
Quarantines an IP address that you have specified on Cisco ISE. |
quarantine_ip
Containment |
| MAC Address Quarantine |
Quarantines a MAC address that you have specified on Cisco ISE. |
quarantine_mac
Containment |
| IP Address Un-Quarantine |
Removes an IP address that you have specified from the quarantine list on Cisco ISE. |
unquarantine_ip
Containment |
| MAC Address Un-Quarantine |
Removes a MAC address that you have specified from the quarantine list on Cisco ISE. |
unquarantine_mac
Containment |
| End a target MAC address's session |
Ends a session of the MAC address that you have specified on Cisco ISE. |
end_session
Miscellaneous |
| MAC Address Log Out |
Logs off a session of the MAC address that you have specified on Cisco ISE. |
logoff_session
Miscellaneous |
operation: List All Active Sessions
Input parameters
None.
Output
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
operation: IP Address Quarantine
Input parameters
| Parameter |
Description |
| Target IP Address |
Specify the IP address of the device to quarantine. |
Output
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
operation: MAC Address Quarantine
Input parameters
| Parameter |
Description |
| Target MAC Address |
Specify the MAC address of the device to quarantine. |
Output
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
operation: IP Address Un-Quarantine
Input parameters
| Parameter |
Description |
| Target IP Address |
Specify the IP address of the device to un-quarantine. |
Output
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
operation: MAC Address Un-Quarantine
Input parameters
| Parameter |
Description |
| Target MAC Address |
Specify the MAC address of the device to un-quarantine. |
Output
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
operation: End a target MAC address session
Input parameters
| Parameter |
Description |
| Target MAC Address |
Specify the MAC address to end the session. |
Output
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
operation: MAC Address Log Out
Input parameters
| Parameter |
Description |
| Target MAC Address |
Specify the MAC address to log out. |
| Target Server Address |
Specify server address to log out target machine. |
Output
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Included playbooks
The Sample - Cisco ISE - 1.0.0 playbook collection comes bundled with the Cisco ISE connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ISE connector.
- End a target MAC address session
- IP Address Quarantine
- IP Address Un-Quarantine
- List All Active Sessions
- MAC Address Log Out
- MAC Address Quarantine
- MAC Address Un-Quarantine
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
