Jump to content


Photo

DCagent and Cisco ISE

ise dc dcagent

  • Please log in to reply
3 replies to this topic

#1 SaintFrag

SaintFrag
  • Members
  • 5 posts

Posted 21 January 2014 - 10:19 AM

After implementing Cisco ISE with an AD tie-in for CWA, I was curious if anyone knew of a way to have the DCagent pull the ISE logon events as well.  Currently, if a users authenticates on ISE's CWA it generates Event ID 4776 - Credential validation which looks something like this:

 

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon Account: MyUser

Source Workstation: \\ISE

Error Code: 0x0

 

If the DCagent could somehow pull those events as well, I could give the proper web filter to even BYOD devices.

 

Unfortunately, I can't generate my own events in the Security log, as that'd be a simple solution.

 

Thanks in advance.



#2 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 21 January 2014 - 10:32 AM

HI saint,

 

This is a great idea and we have have raised a feature request # BNDCA-78 to track the implementation of this ideally for the future as it is not possible at this time!



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#3 SaintFrag

SaintFrag
  • Members
  • 5 posts

Posted 21 January 2014 - 10:47 AM

After posting that, I realized that ISE doesn't pass the user's IP address, so unless Barracuda can work with Cisco on changing something to allow for that, it's a futile endeavor.



#4 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 21 January 2014 - 11:29 AM

Good to know,

 

We also have a feature request # BNYF-8239 - Allow web filter to process syslog stream from wireless AP devices (with a patch to use now) , and could potentially be used for the ISE integration depending on the syslog output.



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com