I need to ingest data for a Cisco ISE server, but I have had to deal with a protocol called "PxGrid" that, according to what I have been informed, allows a bidirectional communication between Splunk and Cisco ISE allowing devices to be blocked from a Splunk Dasboard, ip, among other functions.
I understand this from the operation of the 2 available APPs, and it is my first question to confirm if I am right or wrong:
Splunk Add-on for Cisco Identity Services: I understand that it is the one that allows data ingestion through sysog
Splunk for Cisco Identity Services (ISE): Dashboards and Reports
I do not know completely what this "PxGrid" protocol does, what I would like to know is:
1. PxGrid is still supported by Splunk or is it no longer supported?
2. Is it true that devices can be blocked from a Dashboard to be reflected in the Cisco ISE as an automation process?
3. I am working in a centralized architecture where in a single server I have the syslog ingestion, indexing and search head, what should I take into account when making this implementation of Cisco ISE - Splunk?
4. With these notes I understand that this functionality is no longer available
https://docs.splunk.com/Documentation/AddOns/released/CiscoISE/Releasenotes
thanks if someone can help me