Skip to main content
Splunk Lantern

Cisco: Identity Services

 

Cisco Identity Services Engine (ISE) is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. You can use the Splunk platform to analyze Cisco ISE syslog data directly or use it as a contextual data source to correlate with other communication and authentication data. In the Common Information Model, Cisco Identity Services data can be mapped to any of the following data models, depending on the field: Alerts, Authentication, Change, Endpoint, Network Traffic.

Configuration

Guidance for onboarding data can be found in the Spunk Documentation: 

Refer to the documentation, and note the following:

Application

When your Splunk deployment is ingesting Cisco Identity Services data, you can use the data to achieve the following: