We use our own parser for this Datasource. I can attach it in this forum if you want.
Could you please help me to integrate Cisco ISE with SIEM?
Yes, I can, but your log will be different from my log. But if you want, I can write the parser for you.
I'm also interested in seeing how you parsed these xded.
I recommend that you register the Cisco Teams in ESM and in the support Generic Syslogs: Log "unknown syslog"
Then clear that you configure CISCO to send the syslog logging log to the collector, then log it as I told you and you will see "unknown" events. You see the detail of those events, and then you go to package and post those packages, and I can help you to create the rule so that you can understand them.
Go to the Policy Editor and search for this Parser Signature ID: 1029310. Then copy this parser and paste it. After the copy process, open the copy and add some parser strings.
+ Button and
Hope this will help you.