6 Replies Latest reply on Jan 20, 2017 1:39 AM by xded

    Using Cisco ISE as a data source?


      Is anyone using Cisco ISE as a data source in SIEM? It says that is a supported device, but there is only one rule that exists in SIEM for it. So we are able to get the data in, but almost everything shows up as a "unknown event." ISE does a lot of authentications for us and seems valuable to have as a data source that could parse the authentications for correlation. Any thoughts or help would be great.