Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The purpose is to simplify identity management across diverse devices and applications.
This document provides information about the Cisco ISE connector, which facilitates automated interactions, with a Cisco ISE server using FortiSOAR™ playbooks. Add the Cisco ISE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as quarantining and un-quarantining IP addresses on Cisco ISE and retrieving a list of all active sessions from Cisco ISE.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-cisco-ise
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the connectors page, select the Cisco ISE connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | IP address or FQDN of the Cisco ISE server to which you will connect and perform the automated operations. |
Username | Username to access the Cisco ISE to which you will connect and perform the automated operations. |
Password | Password to access the Cisco ISE server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
List All Active Sessions | Retrieves a list of all active sessions from Cisco ISE. | list_active_sessions Investigation |
IP Address Quarantine | Quarantines an IP address that you have specified on Cisco ISE. | quarantine_ip Containment |
MAC Address Quarantine | Quarantines a MAC address that you have specified on Cisco ISE. | quarantine_mac Containment |
IP Address Un-Quarantine | Removes an IP address that you have specified from the quarantine list on Cisco ISE. | unquarantine_ip Containment |
MAC Address Un-Quarantine | Removes a MAC address that you have specified from the quarantine list on Cisco ISE. | unquarantine_mac Containment |
End a target MAC address's session | Ends a session of the MAC address that you have specified on Cisco ISE. | end_session Miscellaneous |
MAC Address Log Out | Logs off a session of the MAC address that you have specified on Cisco ISE. | logoff_session Miscellaneous |
None.
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target IP Address | Specify the IP address of the device to quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address of the device to quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target IP Address | Specify the IP address of the device to un-quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address of the device to un-quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address to end the session. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address to log out. |
Target Server Address | Specify server address to log out target machine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
The Sample - Cisco ISE - 1.0.0
playbook collection comes bundled with the Cisco ISE connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ISE connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The purpose is to simplify identity management across diverse devices and applications.
This document provides information about the Cisco ISE connector, which facilitates automated interactions, with a Cisco ISE server using FortiSOAR™ playbooks. Add the Cisco ISE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as quarantining and un-quarantining IP addresses on Cisco ISE and retrieving a list of all active sessions from Cisco ISE.
Connector Version: 1.0.0
Authored By: Fortinet
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-cisco-ise
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the connectors page, select the Cisco ISE connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | IP address or FQDN of the Cisco ISE server to which you will connect and perform the automated operations. |
Username | Username to access the Cisco ISE to which you will connect and perform the automated operations. |
Password | Password to access the Cisco ISE server to which you will connect and perform the automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
List All Active Sessions | Retrieves a list of all active sessions from Cisco ISE. | list_active_sessions Investigation |
IP Address Quarantine | Quarantines an IP address that you have specified on Cisco ISE. | quarantine_ip Containment |
MAC Address Quarantine | Quarantines a MAC address that you have specified on Cisco ISE. | quarantine_mac Containment |
IP Address Un-Quarantine | Removes an IP address that you have specified from the quarantine list on Cisco ISE. | unquarantine_ip Containment |
MAC Address Un-Quarantine | Removes a MAC address that you have specified from the quarantine list on Cisco ISE. | unquarantine_mac Containment |
End a target MAC address's session | Ends a session of the MAC address that you have specified on Cisco ISE. | end_session Miscellaneous |
MAC Address Log Out | Logs off a session of the MAC address that you have specified on Cisco ISE. | logoff_session Miscellaneous |
None.
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target IP Address | Specify the IP address of the device to quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address of the device to quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target IP Address | Specify the IP address of the device to un-quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address of the device to un-quarantine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address to end the session. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
Parameter | Description |
---|---|
Target MAC Address | Specify the MAC address to log out. |
Target Server Address | Specify server address to log out target machine. |
The output contains the following populated JSON schema:
{
"request_status": "",
"result": {}
}
The Sample - Cisco ISE - 1.0.0
playbook collection comes bundled with the Cisco ISE connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ISE connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.