Tagged: Security


Python: Stealthwatch and Alarms API

It’s been a while since my last post. So many things going on, but I am still here:) Working with ISE Monitoring API I like an option to get errors with code/cause and how/what to check for resolution: I was not able to find any Stealthwatch API for Alarm’s definitions. But there is a cool guide “Security Events and Alarm Categories...


WebApp: Cisco ISE-Python-Flask

My previous post “Python and ISE Monitor Mode” was about how to collect access-session information from the switch and use it for endpoint verification. Specifically for MAB-only devices – add in the proper Endpoint Group in the Cisco ISE. The result of the script was the file with “failed” devices: With this info, we had to log in to the ISE...


Python and ISE Monitor Mode

There are several ways to run ISE (wired) in monitor mode and AuthZ results: dACL, another VLAN, etc. It is always a good idea πŸ™‚ to run ISE in monitor mode first to verify everything is working and then pull the trigger and change it to the production and actually enforce the policy. What We Need and What We Want Cisco...

Cisco Firepower Version 6.5.0

Cisco Firepower Version 6.5.0 Entirely new URL categories, most of which identify threats: Talos Intelligence Categories Larger instances for FTDv on Azure – Firepower Threat Defense Virtual on Microsoft Azure now supports larger instances: D4_v2 and D5_v2. VMware vSphere/VMware ESXi 6.7 support Cisco Firepower Version 6.5.0 Release note


Cisco ISE: Update HotSpot access-code Daily

Several times, I run into the question if there is an option to “automatically” change the guest HotSpot access code at a given interval (lets say daily) and I came up with the following solution: ISE API + Python + Task Scheduler Steps: Enable API on ISE Create Python Script Configure Task Scheduler Enable the ERS APIs The ERS APIs are...


Cisco Tetration Policy Analysis

The Policy Analysis feature analyses the effectiveness of policies by analysing all the traffic flow into, out of, and within the application, to compare published policies to actual traffic. This policy analysis relates to Policy 4 (p4): Detailed info for Misdropped, Escaped, Rejected and Permitted flows. Click any line in the detailed flow to show the information that is available –...


Cisco Tetration Application Insight

Application Insight is one of the primary use cases for Tetration. Go to Application > Scope and search for the server: Provides – displays the list of open ports to which the host is providing traffic, along with the local process responsible for the open port. Ports listed in bold represent flows which Tetration has observed a workflow while light grey...


Cisco Tetration Overview

The Cisco Tetration solution addresses data center operational and security challenges by providing pervasive visibility, unprecedented insights and comprehensive workload-protection capability across a multicloud infrastructure. Overall, the Cisco Tetration Analytics application segmentation approach reduces the attack surface within the data center and increases the efficiency of data center operations. Use Cases With true pervasive visibility comprising of every packet, every flow,...


Cisco Stealthwatch Alarming Hosts Investigation

How to get additional information about a host present on the Top Alarming Hosts dashboard. Select Top Reports and another pop-up menu appears with options such as Top Applications, Top Ports, Top Protocols etc. By default, the query looks at the past 5 minutes. The number of Flows for each application category is a live link. Click on the Flows number...


Cisco Stealthwatch Management Console (SMC) Overview

Cisco Stealthwatch collects and analyzes network data to deliver comprehensive visibility and protection for even the largest and most dynamic networks. Stealthwatch analyzes industry-standard NetFlow data from Cisco and other vendors’ routers, switches, firewalls, and other network devices to detect advanced and persistent security threats such as internally spreading malware, data leakage, botnet command and control traffic, and network reconnaissance Stealthwatch...