Category: Security

0

Cisco Stealthwatch Alarming Hosts Investigation

How to get additional information about a host present on the Top Alarming Hosts dashboard. Select Top Reports and another pop-up menu appears with options such as Top Applications, Top Ports, Top Protocols etc. By default, the query looks at the past 5 minutes. The number of Flows for each application category is a live link. Click on the Flows number...

5

Cisco Stealthwatch Management Console (SMC) Overview

Cisco Stealthwatch collects and analyzes network data to deliver comprehensive visibility and protection for even the largest and most dynamic networks. Stealthwatch analyzes industry-standard NetFlow data from Cisco and other vendors’ routers, switches, firewalls, and other network devices to detect advanced and persistent security threats such as internally spreading malware, data leakage, botnet command and control traffic, and network reconnaissance Stealthwatch...

0

Cisco ISE Force Guests to accept AUP

Here is how I usually configure NEW-Guest-Endpoints purge policy and options we have. Administration > identity Management > Settings > Endpoint Purge ElapsedDays—Number of days since the object is created. For every day purge: “Elapsed Days less than 1“: This should work for brand new endpoints, but what if you implement this purge rule after ISE has already learned the MAC...

0

Cisco 802.1X Supplicant and NAD

Every ISE deployment project includes this question from the client: What if dot1x is enabled on the supplicant and not on the NAD and vice verse? Supplicant – Configured, NAD – Not Configured:If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the client are dropped. If the client does not receive an EAP-request/identity frame...

0

Cisco ISE Posture Update Issue

Trying to update Posture got the following error message: “Remote address is not accessible. Please make sure update feed url, proxy address and proxy port are properly configured”. Solution:Check cisco.com certificate and add intermediate certificate to the ISE trusted store: