DevNet Workshop-Learning Cisco platform Exchange Grid (pxgrid) Dynamic Topics

Transcription:

DevNet Workshop-Learning Cisco platform Exchange Grid (pxgrid) Dynamic Topics Syam Appala, Principal Engineer DEVNET-2433

Agenda
- Introduction to pxgrid
- pxgrid Operation
- Lab on Dynamic Topics

Contextual Awareness: Key to Security Event Prioritization and Response
Diagram labels: Associate User to Event; Associate User to Authorization; IAM; Check Endpoint Posture; NAC??; Where is it on the Network?; What Kind of Device is it?; Potential Breach Event; Security Event; AAA Logs??; How Do I Mitigate???
MANY SCREENS, MISSING DATA, COMPLICATED MITIGATION
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

What is Cisco Platform Exchange Grid (pxgrid)
- It is a framework for sharing ISE contextual information with other security solutions
- Allows security vendors to share topics of information via Dynamic Topics
- Enforces an organization's security policy when rules are violated, using Adaptive Network Control (ANC) mitigation actions

pxgrid with Context Sharing (diagram: ISE as pxgrid Controller)
Diagram labels: CISCO ISE, pxgrid Context Sharing, Publish, Topics
Client statements shown around the controller:
- I have location! I need app & identity
- I have application info! I need location & device-type
- I have sec events! I need identity & device
- I have identity & device! I need geo-location & MDM
- I have MDM info! I need location

Operation

pxgrid Components: Publisher
- Publisher: ISE Admin & MnT nodes publish Topic information
- Publisher: a pxgrid client can publish Topics (Dynamic Topics, introduced in ISE 2.0)

pxgrid Components: Subscriber
- Subscriber: a Cisco Security Solution or Ecosystem Partner subscribes to a Topic

pxgrid Components: Controller
- Authorizes and enforces client registration
- Performs client management
- Manages Publisher/Subscriber & Topics

ISE pxgrid Controller Enforces and Autho

Capabilities or Topics of Information
- Schema for context sharing with registered pxgrid clients
- Session Directory provides ISE contextual attributes

Session={ip=[192.168.1.15], Audit Session Id=0A000001000000170001B0AB, UserName=jeppich, ADUserDNSDomain=lab10.com, ADUserNetBIOSName=LAB10, ADUserResolvedIdentities=jeppich@lab10.com, ADUserResolvedDNs=CN=John Eppich,CN=Users,DC=lab10,DC=com, MacAddresses=[00:50:56:86:C9:92], State=STARTED, ANCstatus=ANC_Quarantine, SecurityGroup=Quarantined_Systems, EndpointProfile=VMWare-Device, NAS IP=192.168.1.3, NAS Port=GigabitEthernet1/0/11, RADIUSAVPairs=[ Acct-Session-Id=0000002E], Posture Status=null, Posture Timestamp=, LastUpdateTime=Sat Jan 21 11:49:04 EST 2017, Session attributename=authorization_profiles, Session attributevalue=quarantined_systems, Providers=[None], EndpointCheckResult=none, IdentitySourceFirstPort=0, IdentitySourcePortStart=0, IdentitySourcePortEnd=0, IsMachineAuthentocation=false}
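An added example (not part of the original slides or the pxgrid SDK): a Python parser for the Session Directory record printed above, used to attach user, device and switch-port context to an alert by its source IP. The `enrich_event` helper and the alert fields are hypothetical; the record is the slide's own with a few attributes omitted, and values are assumed not to contain ", " outside brackets.

```python
import re

# Session record as printed on the slide (some attributes omitted for brevity).
SLIDE_SESSION = (
    "Session={ip=[192.168.1.15], Audit Session Id=0A000001000000170001B0AB, "
    "UserName=jeppich, ADUserDNSDomain=lab10.com, "
    "ADUserResolvedDNs=CN=John Eppich,CN=Users,DC=lab10,DC=com, "
    "MacAddresses=[00:50:56:86:C9:92], State=STARTED, "
    "ANCstatus=ANC_Quarantine, SecurityGroup=Quarantined_Systems, "
    "EndpointProfile=VMWare-Device, NAS IP=192.168.1.3, "
    "NAS Port=GigabitEthernet1/0/11, "
    "RADIUSAVPairs=[ Acct-Session-Id=0000002E], Posture Status=null, "
    "Posture Timestamp=, LastUpdateTime=Sat Jan 21 11:49:04 EST 2017}"
)

def split_top_level(body):
    """Split on ', ' outside [...] so bracketed lists stay in one piece."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == "," and depth == 0 and body[i + 1:i + 2] == " ":
            parts.append(body[start:i])
            start = i + 2
    parts.append(body[start:])
    return parts

def parse_session(text):
    """Turn one Session={...} record into a dict; lists become Python lists."""
    match = re.fullmatch(r"\s*Session=\{(.*)\}\s*", text, re.S)
    if not match:
        raise ValueError("not a Session={...} record")
    record = {}
    for part in split_top_level(match.group(1)):
        key, sep, value = part.partition("=")   # DN values keep their inner '='
        if not sep:
            continue                            # fragment without a key
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        elif value in ("", "null"):
            value = None
        record[key.strip()] = value
    return record

def enrich_event(event, sessions):
    """Attach user, device and location context to an alert by source IP."""
    for rec in sessions:
        if event["src_ip"] in (rec.get("ip") or []):
            return dict(
                event,
                user=rec.get("UserName"),
                mac=(rec.get("MacAddresses") or [None])[0],
                device=rec.get("EndpointProfile"),
                access_port=f'{rec.get("NAS IP")} {rec.get("NAS Port")}',
                quarantined=rec.get("ANCstatus") == "ANC_Quarantine",
            )
    return dict(event, user=None)               # no active session for this IP
```
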

pxgrid Client Groups
- Basic: provides ISE pxgrid node connectivity. The pxgrid admin must manually move the registered pxgrid client into the other client groups, most likely the Session group, which provides access to the pxgrid session objects
- Administrator: reserved for ISE published node clients
- Session: provides access to pxgrid session objects
- ANC: subscribes to ANC AdaptiveNetworkControlService
- EPS: subscribes to EPS EndpointProtectionService
- Publisher, Action, Subscribe: groups for dynamic topics

Lab on Dynamic Topics

Dynamic Topics: Benefits
- Allow a pxgrid client to interact with other clients and enforce a more accurate organizational security policy by including contextual information from the other security vendors
- Can help reduce false positives and false negatives in a security vendor's solution

pxgrid with Dynamic Topics (diagram build: ISE as pxgrid Controller)
Steps labelled as the diagram builds: pxgrid Context Sharing, Publish, Discover Topic, Continuous Flow, Directed Query
Client statements shown around the controller:
- I have location! I need app & identity
- I have application info! I need location & device-type
- I have sec events! I need identity & device
- I have identity & device! I need geo-location & MDM
- I have MDM info! I need location

Workbench Lab Example
Scenario: Detection Networks is a fictitious company that uses honeypots to lure intruders into a false sense of security about the company's crown jewels.
- Publish BAD_HOSTS_Table
- Contains: IPAddress, MACAddress, FQDN, Username, and EndpointDevice information of infected host
- VA Scanners subscribe to the BAD_HOSTS_Table and include the BAD_HOSTS_Table attributes in their security policy to scan for vulnerabilities

Dynamic Topic Workflow
Actors: Publisher, pxgrid Controller, Subscriber
- Propose BAD_HOST_Table Topic
- Admin approves topic
- Publishes events to topic
- Publisher added to topic
- Publisher defines Query Action Topics
- Publisher, Session, Action Groups Assigned
- Subscriber defines what topics to subscribe to
- Subscriber subscribes to topic
- Communication Flows Directly

Propose a New Topic

./propose_capability.sh -a 192.168.1.230 -u DetectionNetworks -k mac22.jks -p Cisco123 -t rootiseca.jks -q Cisco123 -g Session -d pxgrid New Publisher

------- properties -------
version=1.0.4.17
hostnames=192.168.1.230
username=detectionnetworks
password=
group=basic
description=pxgrid
keystorefilename=mac22.jks
keystorepassword=cisco123
truststorefilename=rootiseca.jks
truststorepassword=cisco123
--------------------------
11:55:40.837 [Thread-1] INFO com.cisco.pxgrid.reconnectionmanager - Started
Connecting...
11:55:40.856 [Thread-1] INFO com.cisco.pxgrid.configuration - Connecting to host 192.168.1.230
11:55:41.193 [Thread-1] INFO com.cisco.pxgrid.configuration - Connected OK to host 192.168.1.230
11:55:41.194 [Thread-1] INFO com.cisco.pxgrid.configuration - Client Login to host 192.168.1.230
11:55:41.461 [Thread-1] INFO com.cisco.pxgrid.configuration - Client Login OK to host 192.168.1.230
Connected

Adding BAD_HOST Topic and Query Items

New capability? (y/n): y
Enter capability name: BAD_HOSTS_Table
Enter capability version: 1.0
Enter capability description: Infected Hosts Table
Enter vendor platform: DetectionNetworks
Enter query name (<enter> to continue): ipaddress
Enter query name (<enter> to continue): macaddress
Enter query name (<enter> to continue): FQDN
Enter query name (<enter> to continue): Username
Enter query name (<enter> to continue): EndpointDevice
Enter query name (<enter> to continue):
Enter action name (<enter> to continue):
Proposing new capability...
Press <enter> to disconnect...change=created; capability=bad_hosts_table, version=1.0
Authorization changed
Connection closed

The New Topic is Proposed

Admin Approves Topic

Topic is Created

Client Groups Added

Generic_publisher.properties

GENERIC_TOPIC_NAME="BAD_HOSTS_Table"
GENERIC_CLIENT_MODE="publisher"
GENERIC_QUERY_NAME_SET=""
GENERIC_ACTION_NAME_SET=""
GENERIC_PUBLISH_DATA_SET="pub-notif-001,pub-notif-002,pub-notif-003"
GENERIC_REQUEST_DATA_SET=""
GENERIC_RESPONSE_DATA_SET="resp-001,resp-002,resp-003,resp-004"
GENERIC_SLEEP_INTERVAL="500"
GENERIC_ITERATIONS="20"

Publishing Topic

./generic_client.sh -a 192.168.1.230 -u DetectionNetworks -k mac22.jks -p Cisco123 -t rootiseca.jks -q Cisco123 -c generic_publisher.properties

Initialized : GenericClient:
topicname=bad_hosts_table
clientmode=publisher
sleepinterval=500
iterations=20
querynameset=[]
actionnameset=[]
publishdataset=[pub-notif-001, pub-notif-002, pub-notif-003]
requestdataset=[]
responsedataset=[resp-001, resp-002, resp-003, resp-004]
---

Publishing BAD_HOSTS_Table and Query Items

Connected
12:11:19.020 [Thread-1] INFO com.cisco.pxgrid.reconnectionmanager - Connected
Publishing notification: GenericMessage:
messagetype=notification
capabilityname=bad_hosts_table
operationname=samplenotification
body:
content:
contenttags=[notif-tag-201]
contenttype=plain_text
value=notification[1485105079225]pub-notif-001
Publishing notification: GenericMessage:

Publisher Successfully Registers as pxgrid Client

Generic_subscriber.properties

GENERIC_TOPIC_NAME="BAD_HOSTS_Table"
GENERIC_CLIENT_MODE="subscriber"
GENERIC_QUERY_NAME_SET="ipAddress,macaddress,FQDN,Username,EndpointDevice"
GENERIC_ACTION_NAME_SET=""
GENERIC_PUBLISH_DATA_SET=""
GENERIC_REQUEST_DATA_SET="req-001,req-002,req-003"
GENERIC_RESPONSE_DATA_SET=""
GENERIC_SLEEP_INTERVAL="500"
GENERIC_ITERATIONS="20"

Subscribing to Capability

./generic_client.sh -a 192.168.1.230 -u VA_Scanners -k mac22.jks -p Cisco123 -t rootiseca.jks -c generic_subscriber.properties

Initialized : GenericClient:
topicname=bad_hosts_table
clientmode=subscriber
sleepinterval=500
iterations=20
querynameset=[ipaddress, macaddress, FQDN, Username, EndpointDevice]
actionnameset=[]
publishdataset=[]
requestdataset=[req-001, req-002, req-003]
responsedataset=[]

Subscribing to BAD_Hosts_Table and Query Items

Sending request: GenericMessage:
messagetype=request
capabilityname=bad_hosts_table
operationname=endpointdevice
body:
content:
contenttags=[query-tag-301]
contenttype=plain_text
value=query[1485105417176]req-002
Received response: GenericMessage:
messagetype=response
capabilityname=bad_hosts_table
operationname=endpointdevice
body:
content:
contenttags=[resp-tag-101]
contenttype=plain_text
value=response[1485105417203]resp-004 - for request[query[1485105417176]req-002]

Subscriber Consumes Topic
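An added example, not from the slides or the pxgrid SDK: a simplified Python model of the controller's gatekeeping in the Dynamic Topic workflow, replaying the lab's order of operations for DetectionNetworks and VA_Scanners. The class and method names are hypothetical; the rules that subscribing requires the Subscribe group and that only the approved proposer may publish are assumptions of this model drawn from the client-groups and workflow slides, and the published host record is constructed.

```python
class Denied(Exception):
    """The model controller refused the request."""

class Controller:
    """Simplified model of the controller's gatekeeping; not the pxgrid SDK."""
    def __init__(self, clients):
        self.groups = {c: {"Basic"} for c in clients}   # Basic: connectivity only
        self.topics = {}   # lower-cased topic name -> topic state

    def propose(self, client, topic):
        if client not in self.groups:
            raise Denied(f"{client} is not a registered client")
        self.topics[topic.lower()] = {
            "proposer": client, "approved": False, "subscribers": set()}

    def admin_approve(self, topic):
        state = self.topics[topic.lower()]
        state["approved"] = True
        # Workflow slide: "Publisher, Session, Action Groups Assigned"
        self.groups[state["proposer"]] |= {"Publisher", "Session", "Action"}

    def admin_assign(self, client, group):
        self.groups[client].add(group)

    def _approved(self, topic):
        state = self.topics.get(topic.lower())
        if state is None or not state["approved"]:
            raise Denied(f"{topic} is not an approved topic")
        return state

    def subscribe(self, client, topic):
        state = self._approved(topic)
        if "Subscribe" not in self.groups.get(client, set()):   # assumed rule
            raise Denied(f"{client} is not in the Subscribe group")
        state["subscribers"].add(client)

    def publish(self, client, topic, record):
        state = self._approved(topic)
        if client != state["proposer"] or "Publisher" not in self.groups[client]:
            raise Denied(f"{client} may not publish to {topic}")
        return {sub: record for sub in state["subscribers"]}     # fan-out

def attempt(action, *args):
    try:
        result = action(*args)
        return "ok" if result is None else result
    except Denied as exc:
        return f"denied: {exc}"

def run_lab():
    c, topic = Controller(["DetectionNetworks", "VA_Scanners"]), "BAD_HOSTS_Table"
    host = {"ipaddress": "192.0.2.10", "username": "constructed-user"}  # constructed
    steps = (
        (c.propose, "DetectionNetworks", topic),
        (c.publish, "DetectionNetworks", topic, host),   # before approval
        (c.admin_approve, topic),
        (c.subscribe, "VA_Scanners", topic),             # still Basic only
        (c.admin_assign, "VA_Scanners", "Subscribe"),
        (c.subscribe, "VA_Scanners", topic.lower()),     # lookup ignores case
        (c.publish, "VA_Scanners", topic, host),         # not the publisher
        (c.publish, "DetectionNetworks", topic, host),
    )
    return [attempt(*step) for step in steps]
```

`run_lab()` returns one outcome per step, so the denied steps (publishing before approval, subscribing from Basic, publishing as a subscriber) can be read next to the ones that succeed.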
