This post is going to go over the integration of ISE 2.1 and AMP for Endpoints. ISE 2.1 introduces the concept of a "Threat Centric NAC" which allows you to configure vulnerability and threat adapters to send high fidelity Indicators of Compromise (IoC), Threat Detected events, and CVSS scores to ISE so that threat-centric access policies can be created to change the privilege of the endpoint accordingly.
In this post, I'm going to go over host groups and why they're so critical to the StealthWatch system. Using host groups correctly in the StealthWatch system will ensure that you're alerted correctly on events and that the information given to you is more relevant to your enterprise.
I'm definitely going to go over this more in future posts after I'm done with my StealthWatch series. I'll just post this high level information about some of the additional features of ISE 2.1 which I'm pretty excited about.
In this post, we're going to dig into the SMC Client and learn the structure a bit better. This will help us navigate around the StealthWatch system and find valuable information.