This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_Brodin
Contributor
‎2020-10-22 04:39 AM

Cisco ISE pxGrid identity parsing and population in gateway

Hi all

In the spring this year (2020), before Corona happened, we were implementing dot1x in the network with Cisco ISE, and also wanted to leverage Identity Awareness for access to servers and whatnot. We were also having issues with machine identities from ISE and Identity Collector.

I found that Cisco had created a very good example set on github, I used that project as a beginning for mine and created cp-pxgrid.

cp-pxgrid connects to the pxGrid network and parses information sent out there, looks for machine authentications and sends the information such as machine name and all provided IP-addresses, either IPv4 or IPv6, to participating gateways. The provided SGT from ISE is also sent as a group to the gateways.

Do note that I've since changed employer and don't have a CP/ISE environment to develop and test on.

Please, do enjoy, fork and change or contribute freely. Most if not all pull requests will be accepted.

It is easily changed to look for user authentications aswell, but our use was for machine authentications.

cp-pxgrid based on pxgrid-rest-ws

0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events