Cisco Identity Services Engine (ISE)
When Cisco Identity Services Engine (ISE) username reporting is enabled, Plixer Scrutinizer is able to retrieve username lists, search flows for specific usernames, and run additional reports related to Cisco ISE user traffic.
Important
Username reporting integration in Plixer Scrutinizer supports Cisco ISE versions 1.2, 1.3, 1.4, 2.0, 2.1, and 2.3.
Enabling ERS
Before setting up Cisco ISE username reporting in Plixer Scrutinizer, External RESTful Services (ERS) should first be enabled on the ISE appliance as follows:
On the ISE server, create a new user with the following permissions:
ERS Admin
ERS Operator
Super Admin
System Admin
Test the configuration from an external host by sending a GET request with Postman to the URL:
https://[ISE_server_address]/ise/mnt/Session/AuthList/null/null
Hint
When creating the GET request using Postman, navigate to the server using a browser and agree to use a bad certificate. Leave that window open.
Visit the Cisco website to learn more about enabling ERS for the supported ISE versions.
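The test request above can also be scripted so that the ISE certificate is validated against an exported CA file rather than accepted by hand. This is an added example, not part of the Plixer documentation; the function names, the use of HTTP Basic authentication, the Accept header and the ca_file PEM path are assumptions.

```python
import base64
import getpass
import ipaddress
import ssl
import urllib.request

# Path as given on this page for the test request.
AUTHLIST_PATH = "/ise/mnt/Session/AuthList/null/null"


def build_authlist_url(host: str, port: int = 443) -> str:
    """Build the test URL, rejecting values that would change the request target."""
    if not 0 < port < 65536:
        raise ValueError(f"invalid TCP port: {port}")
    try:
        if ipaddress.ip_address(host).version == 6:
            host = f"[{host}]"  # IPv6 literals must be bracketed in a URL
    except ValueError:
        # Not an IP literal: accept only a plain DNS name.
        if not host or not all(c.isalnum() or c in "-." for c in host):
            raise ValueError(f"invalid host: {host!r}") from None
    return f"https://{host}:{port}{AUTHLIST_PATH}"


def tls_context(ca_file=None) -> ssl.SSLContext:
    """Verifying context: trusts only ca_file when given, else the system store."""
    # create_default_context keeps CERT_REQUIRED and hostname checking enabled.
    return ssl.create_default_context(cafile=ca_file)


def check_ise_api(host, user, password, port=443, ca_file=None, timeout=10):
    """Send the GET request; return (status, body). TLS or HTTP errors raise."""
    req = urllib.request.Request(build_authlist_url(host, port), method="GET")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")  # assumed auth scheme
    req.add_header("Accept", "application/xml")        # assumed response type
    ctx = tls_context(ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    host = input("ISE address: ")
    user = input("ISE user: ")
    ca = input("CA file (PEM, blank for system store): ") or None
    status, body = check_ise_api(host, user, getpass.getpass("Password: "), ca_file=ca)
    print(status, len(body), "bytes")
```

A certificate verification failure here means the CA file does not match the certificate the ISE node presents, which is worth resolving before the account's password is sent to that address.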
Configuring steps in Plixer Scrutinizer
SSH into the Plixer Scrutinizer server as the plixer user and run /home/plixer/scrutinizer/bin/scrut_util to launch the scrut_util interactive CLI.
At the SCRUTINIZER> prompt, enter:
SCRUTINIZER> ciscoise add [ISE_IP] [ISE_TCP_port] [ISE_user]
This adds a Cisco ISE node from which username data for active sessions can be retrieved. ISE_IP and ISE_TCP_port refer to the ISE server’s address and TCP port number, and ISE_user refers to the user previously created on the same server.
When prompted, enter the password for the ISE user.
After all configuration steps have been completed, all functions associated with Cisco ISE username reporting will immediately be enabled.
Note
It may take several minutes before usernames are displayed in the web interface.
scrut_util commands for Cisco ISE
Information about other scrut_util commands related to Cisco ISE username reporting can be found here.