Tagged: Security

Cisco Firepower Version 6.5.0

Cisco Firepower Version 6.5.0 Entirely new URL categories, most of which identify threats: Talos Intelligence Categories Larger instances for FTDv on Azure – Firepower Threat Defense Virtual on Microsoft Azure now supports larger instances: D4_v2 and D5_v2. VMware vSphere/VMware ESXi 6.7 support Cisco Firepower Version 6.5.0 Release note

0

Cisco ISE: Update HotSpot access-code Daily

Several times, I run into the question if there is an option to “automatically” change the guest HotSpot access code at a given interval (lets say daily) and I came up with the following solution: ISE API + Python + Task Scheduler Steps: Enable API on ISE Create Python Script Configure Task Scheduler Enable the ERS APIs The ERS APIs are...

0

Cisco Tetration Policy Analysis

The Policy Analysis feature analyses the effectiveness of policies by analysing all the traffic flow into, out of, and within the application, to compare published policies to actual traffic. This policy analysis relates to Policy 4 (p4): Detailed info for Misdropped, Escaped, Rejected and Permitted flows. Click any line in the detailed flow to show the information that is available –...

0

Cisco Tetration Application Insight

Application Insight is one of the primary use cases for Tetration. Go to Application > Scope and search for the server: Provides – displays the list of open ports to which the host is providing traffic, along with the local process responsible for the open port. Ports listed in bold represent flows which Tetration has observed a workflow while light grey...

2

Cisco Tetration Overview

The Cisco Tetration solution addresses data center operational and security challenges by providing pervasive visibility, unprecedented insights and comprehensive workload-protection capability across a multicloud infrastructure. Overall, the Cisco Tetration Analytics application segmentation approach reduces the attack surface within the data center and increases the efficiency of data center operations. Use Cases With true pervasive visibility comprising of every packet, every flow,...

0

Cisco Stealthwatch Alarming Hosts Investigation

How to get additional information about a host present on the Top Alarming Hosts dashboard. Select Top Reports and another pop-up menu appears with options such as Top Applications, Top Ports, Top Protocols etc. By default, the query looks at the past 5 minutes. The number of Flows for each application category is a live link. Click on the Flows number...

4

Cisco Stealthwatch Management Console (SMC) Overview

Cisco Stealthwatch collects and analyzes network data to deliver comprehensive visibility and protection for even the largest and most dynamic networks. Stealthwatch analyzes industry-standard NetFlow data from Cisco and other vendors’ routers, switches, firewalls, and other network devices to detect advanced and persistent security threats such as internally spreading malware, data leakage, botnet command and control traffic, and network reconnaissance Stealthwatch...

0

Cisco ISE Force Guests to accept AUP

Here is how I usually configure NEW-Guest-Endpoints purge policy and options we have. Administration > identity Management > Settings > Endpoint Purge ElapsedDays—Number of days since the object is created. For every day purge: “Elapsed Days less than 1“: This should work for brand new endpoints, but what if you implement this purge rule after ISE has already learned the MAC...

0

Cisco 802.1X Supplicant and NAD

Every ISE deployment project includes this question from the client: What if dot1x is enabled on the supplicant and not on the NAD and vice verse? Supplicant – Configured, NAD – Not Configured:If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the client are dropped. If the client does not receive an EAP-request/identity frame...