ISE Endpoint Profiling with Network Packet Analyzers

Published: 09 March 2024
on channel: Cisco ISE - Identity Services Engine

Cisco Technical Marketing Engineer Taylor Cook explains how to use open source tools like Python and Wireshark to gain additional profiling insights on endpoints and create granular security policies within ISE.

Topics:
00:00 Intro and Agenda
01:20 Slido Poll: What tools do you use for Profiling today?
03:08 Slido Poll: Skill assessment with Wireshark and Python
05:12 Profiling Overview: Your Network + Your Data = Better Profiling
08:26 Switch Profiling Configuration
10:26 ISE Profiling Probes
10:50 Cisco Platform Exchange Grid (pxGrid) Probe for Profiling
11:30 Enabling ISE pxGrid Persona for IOTAsset attributes
13:00 ISE APIs: REST (https://) and Websockets (wss://)
14:38 pxGrid APIs and Differences
16:32 Existing Python Tools for pxGrid:
`pxgrid-util` @ https://github.com/cisco-pxgrid/pytho...
19:32 Certificates & pxGrid
21:20 Demo: Generate ISE pxGrid Certificates
23:22 Gathering Endpoint Data with ISE Profiling
24:32 Add Collectors to Gather Data via SPAN or ERSPAN
25:46 Network Packet Analyzers: Wireshark, tshark, and pyshark:
`pip install pyshark`
27:30 pyshark Usage and Live Capture Example
31:59 Putting the Pieces Together for Improved Profiling Data
35:07 New Profile Definitions in ISE with IOTAsset attributes
36:19 Demo: ISE 3.3 with Multi-Factor Classifications (MFCs)
```sh
pxgrid_pyshark \
-a ise33.cisco.local \
-n ise-pyshark \
-c ISE-pyshark.cer \
-k ISE-pyshark.key \
-s ISE33.cisco.local.pem \
-interface ene \
--verbose
```
39:52 Next Steps / Requirements / Caveats
https://github.com/taylor-cook/pxgrid...
`pip install pxgrid-pyshark`
43:09 Demo: Ubuntu Collector Setup
```sh
sudo apt-get update
sudo apt install python3-pip -y
sudo apt install tshark -y
sudo pip install pxgrid-pyshark
```
47:18 Demo: Existing PCAP File
```sh
sudo pxgrid-pyshark-file
```
49:21 Recommendations and ERSPAN Example with ACL
```ios
! Limit mirrored traffic to mDNS (5353), SSDP (1900), SIP (5060),
! HTTP (80, 8080) and NetBIOS datagram (138)
ip access-list extended ERSPAN-ACL
 10 permit udp any any eq 5353
 20 permit udp any any eq 1900
 30 permit udp any any eq 5060
 40 permit tcp any any eq 80
 50 permit tcp any any eq 8080
 60 permit udp any any eq 138
 exit

monitor session {id} type erspan-source
 source interface {int x/x} rx
 source interface {int x/y - z} rx
 filter ip access-group ERSPAN-ACL
 destination
  erspan-id {erspan-id}
  ip address {collector ip}
  exit
 no shut
 end
```

51:30 References
DEVNET-2292 ISE APIs in Practice
pxgrid-pyshark Github: https://github.com/taylor-cook/pxgrid...
pyshark documentation: https://pypi.org/project/pyshark/
pxgrid-util documentation: https://pypi.org/project/pxgrid-util/
ISE Performance and Scale Guide: https://cs.co/ise-scale
Apple Product models/names - https://theapplewiki.com
IEEE OUI Database: https://standards-oui.ieee.org
Regex Tools: https://Regex101.com and https://regex-generator.olafneumann.org
pxGrid Reference - https://github.com/cisco-pxgrid/pxgri...
pxGrid Developer Resources: https://developer.cisco.com/docs/pxgrid
CLI Utility: https://github.com/vbobrov/pxgrid-api

52:12 ISE Resources
ISE 3.4 Beta: https://cs.co/ise-openbeta
Cisco ISE 2.x to 3.x License Migration Offer for Customers: https://cs.co/ise-licensing
ISE Webinars: https://cs.co/ise-webinars
ISE YouTube Channel: https://cs.co/ise-videos
ISE Resources: https://cs.co/ise-resources
ISE Community: https://cs.co/ise-community
ISE Security Integration Guides: https://cs.co/ise-guides
ISE NAD Capabilities: https://cs.co/nad-capabilities
Does ISE Support My Network Device?: https://cs.co/ise-interop
ISE Troubleshooting Tech Notes: https://cs.co/ise-troubleshooting
ISE Licensing & Evaluations: https://cs.co/ise-licensing

