{ "name": "cisco_ise", "title": "Cisco ISE", "version": "1.32.3", "release": "ga", "description": "Collect logs from Cisco ISE with Elastic Agent.", "type": "integration", "download": "/epr/cisco_ise/cisco_ise-1.32.3.zip", "path": "/package/cisco_ise/1.32.3", "icons": [ { "src": "/img/cisco-ise-logo.svg", "path": "/package/cisco_ise/1.32.3/img/cisco-ise-logo.svg", "title": "Cisco ISE logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.11.0 || ^9.0.0" } }, "owner": { "type": "elastic", "github": "elastic/integration-experience" }, "categories": [ "security", "network", "iam" ], "signature_path": "/epr/cisco_ise/cisco_ise-1.32.3.zip.sig", "format_version": "3.0.3", "readme": "/package/cisco_ise/1.32.3/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/cisco-ise-screenshot.png", "path": "/package/cisco_ise/1.32.3/img/cisco-ise-screenshot.png", "title": "Cisco ISE dashboard screenshot", "size": "600x600", "type": "image/png" } ], "assets": [ "/package/cisco_ise/1.32.3/LICENSE.txt", "/package/cisco_ise/1.32.3/changelog.yml", "/package/cisco_ise/1.32.3/manifest.yml", "/package/cisco_ise/1.32.3/validation.yml", "/package/cisco_ise/1.32.3/docs/README.md", "/package/cisco_ise/1.32.3/img/cisco-ise-logo.svg", "/package/cisco_ise/1.32.3/img/cisco-ise-screenshot.png", "/package/cisco_ise/1.32.3/img/cisco-ise-setup.png", "/package/cisco_ise/1.32.3/kibana/tags.yml", "/package/cisco_ise/1.32.3/data_stream/log/manifest.yml", "/package/cisco_ise/1.32.3/data_stream/log/sample_event.json", "/package/cisco_ise/1.32.3/docs/knowledge_base/service_info.md", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-44afda90-3991-11ed-bb16-3b8b6259e7b8.json", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-506e8200-39a5-11ed-a2b2-1d4b9d412e28.json", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-6b611af0-39a0-11ed-a2b2-1d4b9d412e28.json", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-a42bdb60-39a8-11ed-a2b2-1d4b9d412e28.json", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-db12cdf0-3a2f-11ed-a2b2-1d4b9d412e28.json", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-e0ca7fa0-398e-11ed-bb16-3b8b6259e7b8.json", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-e2146a20-39a1-11ed-a2b2-1d4b9d412e28.json", "/package/cisco_ise/1.32.3/kibana/dashboard/cisco_ise-fcb9bc40-3a32-11ed-a2b2-1d4b9d412e28.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-2c7c0eb0-a505-11ec-ab9d-4b8e737a22d9.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-39e47010-a09b-11ec-a0a2-1598702abf83.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-47c77dc0-a065-11ec-a0a2-1598702abf83.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-5f739b70-a0a6-11ec-a0a2-1598702abf83.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-ac5b9ba0-a02d-11ec-a0a2-1598702abf83.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-d1ba7b80-a075-11ec-a0a2-1598702abf83.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-eecf4510-a058-11ec-a0a2-1598702abf83.json", "/package/cisco_ise/1.32.3/kibana/search/cisco_ise-f681d1f0-a09f-11ec-a0a2-1598702abf83.json", "/package/cisco_ise/1.32.3/data_stream/log/fields/agent.yml", "/package/cisco_ise/1.32.3/data_stream/log/fields/base-fields.yml", "/package/cisco_ise/1.32.3/data_stream/log/fields/ecs.yml", "/package/cisco_ise/1.32.3/data_stream/log/fields/fields.yml", "/package/cisco_ise/1.32.3/data_stream/log/agent/stream/filestream.yml.hbs", "/package/cisco_ise/1.32.3/data_stream/log/agent/stream/tcp.yml.hbs", "/package/cisco_ise/1.32.3/data_stream/log/agent/stream/udp.yml.hbs", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/default.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_ad_connector.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_administrative_and_operational_audit.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_alarm.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_authentication_flow_diagnostics.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_failed_attempts.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_guest.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_identity_stores_diagnostics.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_internal_operations_diagnostics.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_monitoring_data_purge_audit.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_mydevices.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_passed_authentications.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_policy_diagnostics.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_posture_and_client_provisioning_audit.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_accounting.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_radius_diagnostics.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_system_statistics.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_tacacs_accounting.yml", "/package/cisco_ise/1.32.3/data_stream/log/elasticsearch/ingest_pipeline/pipeline_threat_centric_nac.yml" ], "policy_templates": [ { "name": "Cisco ISE", "title": "Cisco_ISE logs", "description": "Collect Cisco ISE logs.", "inputs": [ { "type": "tcp", "vars": [ { "name": "listen_address", "type": "text", "title": "Listen Address", "description": "The bind address to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "listen_port", "type": "integer", "title": "Listen Port", "description": "The TCP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 9025 }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "title": "Collect Cisco ISE logs via TCP input", "description": "Collecting Cisco ISE logs via TCP input." }, { "type": "udp", "vars": [ { "name": "listen_address", "type": "text", "title": "Listen Address", "description": "The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces.", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "listen_port", "type": "integer", "title": "Listen Port", "description": "The UDP port number to listen on.", "multi": false, "required": true, "show_user": true, "default": 9026 } ], "title": "Collect Cisco ISE logs via UDP input", "description": "Collecting Cisco ISE logs via UDP input." }, { "type": "filestream", "title": "Collect Cisco ISE logs using filestream input", "description": "Collecting Cisco ISE logs using filestream input." } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "cisco_ise.log", "title": "Cisco ISE logs", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "tcp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "cisco_ise-log" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tz_offset", "type": "text", "title": "Timezone Offset", "description": "When interpreting syslog timestamps without a time zone, use this timezone offset. Datetimes recorded in logs are by default interpreted in relation to the timezone set up on the host where the agent is operating. Use this parameter to adjust the timezone offset when importing logs from a host in a different timezone so that datetimes are appropriately interpreted. Both a canonical ID (such as \"Europe/Amsterdam\") and an HH:mm differential (such as \"-05:00\") are acceptable timezone formats.", "multi": false, "required": false, "show_user": true }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "tcp.yml.hbs", "title": "Cisco_ISE logs", "description": "Collect Cisco ISE logs via TCP input.", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "udp", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "cisco_ise-log" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tz_offset", "type": "text", "title": "Timezone Offset", "description": "When interpreting syslog timestamps without a time zone, use this timezone offset. Datetimes recorded in logs are by default interpreted in relation to the timezone set up on the host where the agent is operating. Use this parameter to adjust the timezone offset when importing logs from a host in a different timezone so that datetimes are appropriately interpreted. Both a canonical ID (such as \"Europe/Amsterdam\") and an HH:mm differential (such as \"-05:00\") are acceptable timezone formats.", "multi": false, "required": false, "show_user": true }, { "name": "udp_options", "type": "yaml", "title": "Custom UDP Options", "description": "Specify custom configuration options for the UDP input.", "multi": false, "required": false, "show_user": false, "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "udp.yml.hbs", "title": "Cisco_ISE logs", "description": "Collect Cisco ISE logs via UDP input.", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "filestream", "vars": [ { "name": "paths", "type": "text", "title": "Paths", "multi": true, "required": true, "show_user": true, "default": [ "/var/log/cisco_ise*" ] }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "cisco_ise-log" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "tz_offset", "type": "text", "title": "Timezone Offset", "description": "When interpreting syslog timestamps without a time zone, use this timezone offset. Datetimes recorded in logs are by default interpreted in relation to the timezone set up on the host where the agent is operating. Use this parameter to adjust the timezone offset when importing logs from a host in a different timezone so that datetimes are appropriately interpreted. Both a canonical ID (such as \"Europe/Amsterdam\") and an HH:mm differential (such as \"-05:00\") are acceptable timezone formats.", "multi": false, "required": false, "show_user": true }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "filestream.yml.hbs", "title": "Cisco_ISE logs", "description": "Collect Cisco ISE logs via file input.", "enabled": true, "ingestion_method": "File" } ], "package": "cisco_ise", "path": "log" } ] }