Profiling in Cisco ISE
We can discuss Profiling Probes in Cisco ISE --
ISE has several methods of detecting what type of device is connecting to the network, mostly we are using a common method to identify device.
• Network Scan (NMAP) --
Will run an intrusive scan on the endpoint. Typically used in conjunction with other probes and only when necessary.
• DNS
Checks DNS records for additional information.
• SNMPQUERY/SNMPTRAP
Gathers information from SNMP. This is typically used to help identify networking equipment.
• Active Directory
Queries AD for additional endpoint information for AD joined devices.
• pxGrid
Used with the Cisco Industrial Network Director (not covered in this course
frequently.
• The matched rules are added together to determine a Certainty
Factor.
• If the added rules exceed the “Minimum Certainty Factor”, the
overall profile is matched.
No comments