All Apps and Add-ons

Cisco ISE and Splunk

splunkcol
Contributor

I need to ingest data for a Cisco ISE server, but I have had to deal with a protocol called "PxGrid" that, according to what I have been informed, allows a bidirectional communication between Splunk and Cisco ISE allowing devices to be blocked from a Splunk Dasboard, ip, among other functions.

I understand this from the operation of the 2 available APPs, and it is my first question to confirm if I am right or wrong:

Splunk Add-on for Cisco Identity Services: I understand that it is the one that allows data ingestion through sysog

Splunk for Cisco Identity Services (ISE): Dashboards and Reports

 

I do not know completely what this "PxGrid" protocol does, what I would like to know is:

1. PxGrid is still supported by Splunk or is it no longer supported?

2. Is it true that devices can be blocked from a Dashboard to be reflected in the Cisco ISE as an automation process?

3. I am working in a centralized architecture where in a single server I have the syslog ingestion, indexing and search head, what should I take into account when making this implementation of Cisco ISE - Splunk?

 

4. With these notes I understand that this functionality is no longer available
https://docs.splunk.com/Documentation/AddOns/released/CiscoISE/Releasenotes

splunkcol_0-1613586045459.png

 

thanks if someone can help me

 

0 Karma