Cisco ISE

Use the IBM Security QRadar Custom Properties for Cisco ISE content extension to closely monitor your Cisco ISE deployment.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar Custom Properties for Cisco ISE content extension 1.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Cisco ISE content extension 1.0.0.

Table 1. Custom Properties in IBM Security QRadar Custom Properties for Cisco ISE content extension 1.0.0
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| AccountID | No | 1 | `UserAccountControl=(.*?),` |
| Called Station ID | No | 1 | `Called-Station-ID=(.*?),` |
| Calling Station ID | No | 1 | `Calling-Station-ID=(.*?),` |
| Classification | No | 1 | `Class=(.*?),` |
| Device Name | No | 1 | `NetworkDeviceName=(.*?),` |
| DNS Host Name | No | 1 | `AD-Host-DNS-Domain=(.*?),` |
| DNS Request Domain | No | 1 | `AD-Host-Resolved-DNs=(.*?),+\s` |
| Group Name | Yes | 1 | `AD-Groups-Names=(.*?),` |
| Packets Received | No | 1 | `Acct-Output-Packets=(\d+),` |
| Packet Sent | No | 1 | `Acct-Input-Packets=(\d+),` |
| SAM Account Name | No | 1 | `AD-Host-SamAccount-Name=(.*?),` |
| State | No | 1 | `State=(.*?),` |
| TLS Cypher | No | 1 | `TLSCipher=(.*?),` |
| TLS Version | Yes | 1 | `TLSVersion=(.*?),` |
| Type | No | 1 | `Acct-Status-Type=(.*?),` |
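
The following added example (not part of the IBM content extension) runs a subset of the Table 1 regexes against one payload to show what capture group 1 returns and where a property comes back empty. It uses Python's re module as a stand-in for QRadar's regex engine. The sample payload is constructed, and its attribute layout and backslash-escaped commas in the DN value are assumptions about the Cisco ISE log format.

```python
import re

# Regexes copied verbatim from Table 1; capture group 1 in every case.
PROPERTIES = {
    "Device Name": r"NetworkDeviceName=(.*?),",
    "Calling Station ID": r"Calling-Station-ID=(.*?),",
    "Type": r"Acct-Status-Type=(.*?),",
    "Packet Sent": r"Acct-Input-Packets=(\d+),",
    "DNS Request Domain": r"AD-Host-Resolved-DNs=(.*?),+\s",
    "TLS Version": r"TLSVersion=(.*?),",
}

# Hypothetical comparison pattern (NOT in Table 1): the DN attribute matched
# with the generic "(.*?)," shape used by most other properties.
GENERIC_DN = r"AD-Host-Resolved-DNs=(.*?),"

# Constructed sample payload, not a real capture. Assumptions: attributes are
# separated by ", " and commas inside a DN value are escaped as "\,".
SAMPLE = (
    "CISE_RADIUS_Accounting 0000000001 1 0 NetworkDeviceName=sw-lab-01, "
    "Calling-Station-ID=00-11-22-33-44-55, Acct-Status-Type=Interim-Update, "
    "Acct-Input-Packets=1200, "
    r"AD-Host-Resolved-DNs=CN=PC01\,CN=Computers\,DC=example\,DC=com, "
    "TLSVersion=TLSv1.2"
)


def extract(payload, properties=PROPERTIES):
    """Return {property name: captured value, or None when the regex misses}."""
    result = {}
    for name, pattern in properties.items():
        match = re.search(pattern, payload)
        result[name] = match.group(1) if match else None
    return result


def missing(payload, properties=PROPERTIES):
    """Names of properties that did not extract; searches and rules that
    filter on these properties will not see this event."""
    return sorted(n for n, v in extract(payload, properties).items() if v is None)


if __name__ == "__main__":
    for name, value in extract(SAMPLE).items():
        print(f"{name:20} {value!r}")
    print("missing:", missing(SAMPLE))
    print("generic DN shape:", re.search(GENERIC_DN, SAMPLE).group(1))
```

Every pattern needs a trailing comma, so an attribute that ends the payload (TLSVersion in the sample) yields no value. The `,+\s` suffix on DNS Request Domain is what lets it read past the escaped commas inside the DN, although the captured value keeps the backslashes.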