Cisco ISE

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Cisco ISE Logs

✅

✅

cisco_ise_logs

Text

S3


Overview

Cisco Identity Services Engine (ISE) is an identity-based network access control and policy enforcement system. It functions as a common policy engine that enables endpoint access control and network device administration for enterprises.
Integrating Cisco ISE Logs with Hunters allows you to ingest the data from your appliances and leverage it in the Hunters Login Schema and IOC Search feature.

Supported data types

Cisco ISE Logs

Table name: cisco_ise_logs

Cisco Identity Services Engine (ISE) provides a logging mechanism that is used for auditing, fault management, and troubleshooting. The logging mechanism helps you to identify fault conditions in deployed services and troubleshoot issues efficiently. It also produces logging output from the monitoring and troubleshooting primary node in a consistent fashion.

Send data to Hunters

Hunters supports the ingestion of Cisco ISE logs via an intermediary AWS S3 bucket.

To connect Cisco ISE logs:

  1. Export your logs from Cisco to an AWS S3 bucket by following this guide.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Logs are expected in text format.

<181>Nov 26 23:58:24 ajioshdi2y1987yer1hu2r CISE_TACACS_Accounting 4124124124 2 1  NetworkDeviceGroups=GGG, NetworkDeviceGroups=GROUPS, NetworkDeviceGroups=Device Type#All Device Types, CPMSessionID=3818243267143.15.56asd, Network Device Profile=Cisco, AA=AA#ASD#ASD, Location=Location#All Locations#North America, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,  Response={AcctReply-Status=Success; },
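To check that lines exported to the S3 bucket match this format before connecting the source, the sample above can be parsed as follows. This is an added example, not Hunters or Cisco code: the function names are hypothetical, and reading the three numbers after the category as message ID, total segments and segment number is an assumption based on the sample line.

```python
import re
from collections import defaultdict

# SAMPLE is the example line from the "Expected format" section above.
SAMPLE = (
    "<181>Nov 26 23:58:24 ajioshdi2y1987yer1hu2r CISE_TACACS_Accounting 4124124124 2 1  "
    "NetworkDeviceGroups=GGG, NetworkDeviceGroups=GROUPS, "
    "NetworkDeviceGroups=Device Type#All Device Types, "
    "CPMSessionID=3818243267143.15.56asd, Network Device Profile=Cisco, AA=AA#ASD#ASD, "
    "Location=Location#All Locations#North America, "
    "Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No,  "
    "Response={AcctReply-Status=Success; },"
)

# Assumed header layout: <PRI>timestamp host category msg_id total_segments segment
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<category>CISE_\w+) (?P<msg_id>\d+) "
    r"(?P<total>\d+) (?P<segment>\d+)\s+(?P<body>.*)$"
)

def split_attributes(body):
    """Split on commas outside {...} so values like Response={...} stay whole."""
    parts, depth, current = [], 0, []
    for ch in body:
        depth = max(0, depth + (ch == "{") - (ch == "}"))
        if ch == "," and depth == 0:
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]

def parse_ise_line(line):
    """Return a dict for a Cisco ISE syslog line, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(int(rec.pop("pri")), 8)  # syslog PRI
    attrs, rec["unparsed"] = defaultdict(list), []
    for part in split_attributes(rec.pop("body")):
        key, sep, value = part.partition("=")
        # Keys repeat (NetworkDeviceGroups), so every key maps to a list of values.
        if sep:
            attrs[key.strip()].append(value.strip())
        else:
            rec["unparsed"].append(part)  # kept so nothing is silently dropped
    rec["attributes"] = dict(attrs)
    return rec
```

A `None` result or a non-empty `unparsed` list on real exports indicates lines that differ from the expected text format, for example JSON-wrapped records or values containing bare commas.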