Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Cisco ISE Logs | ✅ | ✅ | cisco_ise_logs | Text | S3 |
Overview
Cisco Identity Services Engine (ISE) is an identity-based network access control and policy enforcement system. It functions as a common policy engine that enables endpoint access control and network device administration for enterprises.
Integrating Cisco ISE Logs with Hunters allows you to ingest the data from your appliances and leverage it in the Hunters Login Schema and IOC Search feature.
Supported data types
Cisco ISE Logs
Table name: cisco_ise_logs
Cisco Identity Services Engine (ISE) provides a logging mechanism that is used for auditing, fault management, and troubleshooting. The logging mechanism helps you to identify fault conditions in deployed services and troubleshoot issues efficiently. It also produces logging output from the monitoring and troubleshooting primary node in a consistent fashion.
Send data to Hunters
Hunters supports the ingestion of Cisco ISE logs via an intermediary AWS S3 bucket.
To connect Cisco ISE logs:
Export your logs from Cisco to an AWS S3 bucket by following this guide.
Once the export is complete and the logs are collected in S3, follow the steps in this section.
Expected format
Logs are expected in text format.
<181>Nov 26 23:58:24 ajioshdi2y1987yer1hu2r CISE_TACACS_Accounting 4124124124 2 1 NetworkDeviceGroups=GGG, NetworkDeviceGroups=GROUPS, NetworkDeviceGroups=Device Type#All Device Types, CPMSessionID=3818243267143.15.56asd, Network Device Profile=Cisco, AA=AA#ASD#ASD, Location=Location#All Locations#North America, Device Type=Device Type#All Device Types, IPSEC=IPSEC#Is IPSEC Device#No, Response={AcctReply-Status=Success; },
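To check that exported lines match the expected format before they reach the S3 bucket, a line like the one above can be parsed as follows. This is an added example, not Hunters or Cisco code: the sample values are constructed, and the header field names (`msg_id`, `total_segments`, `segment`) and the backslash-escaped comma handling are assumptions made for this sketch.

```python
import re

# Constructed sample shaped like the line under "Expected format"; all values are made up.
SAMPLE = (
    "<181>Nov 26 23:58:24 ise-node-01 CISE_TACACS_Accounting 0000000042 2 1 "
    "NetworkDeviceGroups=Location#All Locations#North America, "
    "NetworkDeviceGroups=Device Type#All Device Types, "
    "CPMSessionID=constructed-session-id, Network Device Profile=Cisco, "
    "Response={AcctReply-Status=Success; },"
)

# Header field names (msg_id, total_segments, segment) are labels assumed for this example.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<category>CISE_\w+) (?P<msg_id>\d+) "
    r"(?P<total_segments>\d+) (?P<segment>\d+)\s*(?P<body>.*)$"
)
# Split on commas that are not backslash-escaped (assumed escaping) and not inside {...}.
ATTR_SEP = re.compile(r"(?<!\\),\s*(?![^{}]*\})")


def parse_ise_line(line):
    """Parse one ISE syslog line; return None if the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    body = rec.pop("body")
    pri = int(rec.pop("pri"))
    # Syslog PRI = facility * 8 + severity
    rec["facility"], rec["severity"] = divmod(pri, 8)
    for key in ("total_segments", "segment"):
        rec[key] = int(rec[key])
    attrs = {}
    for pair in ATTR_SEP.split(body):
        key, sep, value = pair.strip().partition("=")
        if not sep or not key:
            continue  # empty tail after the trailing comma, or a fragment without '='
        # Keys repeat (NetworkDeviceGroups), so every value is kept in a list.
        attrs.setdefault(key, []).append(value)
    rec["attrs"] = attrs
    return rec


if __name__ == "__main__":
    record = parse_ise_line(SAMPLE)
    print(record["category"], record["facility"], record["severity"])
    print(record["attrs"])
```

Lines for which `parse_ise_line` returns `None` are worth counting during the export, since they indicate records that do not follow the text format shown above.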