Руководство По Настройке для Cisco Cisco Identity Services Engine 2.1
At-a-Glance
Improve the Analytics and Mitigation of High-Risk Use
User and entity behavioral analytics (UEBA) technologies help detect
malicious and abusive user activities that may otherwise go unnoticed.
Through pxGrid integration you can quickly map user activities to the
wealth of user identity, endpoint, and network information generated by
the Cisco® Identity Services Engine (ISE).
malicious and abusive user activities that may otherwise go unnoticed.
Through pxGrid integration you can quickly map user activities to the
wealth of user identity, endpoint, and network information generated by
the Cisco® Identity Services Engine (ISE).
With all this data in one place your security analysts can quickly
determine who is involved in a security event, whether it needs further
investigation, and how urgent a threat it is. They can vastly shorten the
time it takes to remediate network security threats.
determine who is involved in a security event, whether it needs further
investigation, and how urgent a threat it is. They can vastly shorten the
time it takes to remediate network security threats.
How ISE and UEBA Work Together
Cisco ISE provides its user identity and device information to the UEBA
system through pxGrid, which is associated with UEBA-detected events.
When they’re identified, you can use the network as an enforcer and
mitigate a threat right from the UEBA product.
system through pxGrid, which is associated with UEBA-detected events.
When they’re identified, you can use the network as an enforcer and
mitigate a threat right from the UEBA product.
The information that ISE provides to UEBA products includes:
• User
• IP address
• Authentication status
• Location
• User class (authorization group, guest, quarantine status)
• Manufacturer, model, OS, OS version, MAC address, IP address,
• IP address
• Authentication status
• Location
• User class (authorization group, guest, quarantine status)
• Manufacturer, model, OS, OS version, MAC address, IP address,
network connection method (wired or wireless)
• Posture and compliance status (antivirus installed, antivirus version,
OS patch level, mobile device posture compliance status (through
Cisco mobile device management partners)
Cisco mobile device management partners)
• Location
• Threat level
• Threat level
Cisco Identity Services
Engine and User and
Entity Behavior Analytics
Integration Using pxGrid
© 2016 Cisco and/or its affiliates. All rights reserved.
Benefits
• Get answers faster so you
decrease the time it takes
to classify and respond to
events
• Stop bad behaviors
faster through faster event
responses to high-severity
events
• Protect critical data faster
by quarantining a user or
redirecting traffic for deeper
investigation