Cisco ISE and Splunk

splunkcol · ‎02-17-2021

I need to ingest data for a Cisco ISE server, but I have had to deal with a protocol called "PxGrid" that, according to what I have been informed, allows a bidirectional communication between Splunk and Cisco ISE allowing devices to be blocked from a Splunk Dasboard, ip, among other functions.

I understand this from the operation of the 2 available APPs, and it is my first question to confirm if I am right or wrong:

Splunk Add-on for Cisco Identity Services: I understand that it is the one that allows data ingestion through sysog

Splunk for Cisco Identity Services (ISE): Dashboards and Reports

I do not know completely what this "PxGrid" protocol does, what I would like to know is:

1. PxGrid is still supported by Splunk or is it no longer supported?

2. Is it true that devices can be blocked from a Dashboard to be reflected in the Cisco ISE as an automation process?

3. I am working in a centralized architecture where in a single server I have the syslog ingestion, indexing and search head, what should I take into account when making this implementation of Cisco ISE - Splunk?

4. With these notes I understand that this functionality is no longer available
https://docs.splunk.com/Documentation/AddOns/released/CiscoISE/Releasenotes

thanks if someone can help me

Cisco ISE and Splunk

administration

configuration

dashboard

installation

other

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms