Category: Security


Python: Stealthwatch and Alarms API

It’s been a while since my last post. So many things going on, but I am still here :) Working with the ISE Monitoring API, I like an option to get errors with code/cause and how/what to check for resolution. I was not able to find any Stealthwatch API for alarm definitions. But there is a cool guide “Security Events and Alarm Categories...


WebApp: Cisco ISE-Python-Flask

My previous post “Python and ISE Monitor Mode” was about how to collect access-session information from the switch and use it for endpoint verification. Specifically, for MAB-only devices – add them to the proper Endpoint Group in Cisco ISE. The result of the script was the file with “failed” devices. With this info, we had to log in to the ISE...


Python and ISE Monitor Mode

There are several ways to run ISE (wired) in monitor mode and AuthZ results: dACL, another VLAN, etc. It is always a good idea 🙂 to run ISE in monitor mode first to verify everything is working, and then pull the trigger, change it to production and actually enforce the policy. What We Need and What We Want Cisco...


Python: Apply config to multiple interfaces (with the condition)

It is not about the range feature :) After my post about how to get into the switch with “not sure” credentials, let’s assume you fixed access and configured devices with TACACS and SSH. It’s time to drop the interface-level config for ISE NAC (as an example) to all user ports; servers/wireless/trunk must be excluded. With proper segmentation using VLANs, we should have...


Python and Cisco ISE – Collect Endpoints

I have liked the Cisco ISE GUI interface since 2.4. It’s pretty easy, maybe too many tabs and menus, but once you get the idea – you are good to go. I had a task of ISE migration – from one to another. We had set up 2 ISE deployments in parallel. The idea was to keep everything working on ISE#1 while we...

Cisco Firepower Version 6.5.0

Cisco Firepower Version 6.5.0. Entirely new URL categories, most of which identify threats: Talos Intelligence Categories. Larger instances for FTDv on Azure – Firepower Threat Defense Virtual on Microsoft Azure now supports larger instances: D4_v2 and D5_v2. VMware vSphere/VMware ESXi 6.7 support. Cisco Firepower Version 6.5.0 Release note


Cisco ISE: Update HotSpot access-code Daily

Several times, I have run into the question of whether there is an option to “automatically” change the guest HotSpot access code at a given interval (let’s say daily), and I came up with the following solution: ISE API + Python + Task Scheduler. Steps: Enable API on ISE; Create Python Script; Configure Task Scheduler. Enable the ERS APIs: The ERS APIs are...


Cisco Tetration Policy Analysis

The Policy Analysis feature analyses the effectiveness of policies by analysing all the traffic flow into, out of, and within the application, to compare published policies to actual traffic. This policy analysis relates to Policy 4 (p4): Detailed info for Misdropped, Escaped, Rejected and Permitted flows. Click any line in the detailed flow to show the information that is available –...


Cisco Tetration Application Insight

Application Insight is one of the primary use cases for Tetration. Go to Application > Scope and search for the server: Provides – displays the list of open ports to which the host is providing traffic, along with the local process responsible for the open port. Ports listed in bold represent flows which Tetration has observed a workflow while light grey...


Cisco Tetration Overview

The Cisco Tetration solution addresses data center operational and security challenges by providing pervasive visibility, unprecedented insights and comprehensive workload-protection capability across a multicloud infrastructure. Overall, the Cisco Tetration Analytics application segmentation approach reduces the attack surface within the data center and increases the efficiency of data center operations. Use Cases: With true pervasive visibility comprising every packet, every flow,...