Stealthwatch Cloud Integration with AWS

In this video, we’re going to configure Stealthwatch Cloud integration with AWS. Stealthwatch Cloud is a security analytics tool that provides visibility, threat identification, and compliance. It works across AWS, GCP, Azure, and even your private LAN. Once we're done configuring, Stealthwatch Cloud will be able to read the AWS VPC flow logs, which carry the network flow metadata (source and destination addresses, ports, protocol, packet and byte counts, and whether the flow was accepted or rejected) but no packet payload, so everything downstream is metadata-driven. Stealthwatch Cloud then uses these flow logs for entity modeling, which uses machine learning to build a behavioral model for every network entity. Based on those observations, Stealthwatch Cloud can flag sudden changes or anomalous behavior in what an entity does and in how it is being accessed.
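To make the "reads VPC flow logs, builds a model per entity, flags deviations" idea concrete, here is an added toy example. It is not Stealthwatch Cloud code and not Cisco's entity-modeling algorithm; it only parses records in the default AWS VPC flow log layout (version 2, space-separated, the field order documented by AWS) and keeps a crude per-source baseline of seen peers and bytes-per-flow. The log lines, account ID, interface ID, and the 10x byte threshold are all constructed for the example.

```python
"""Toy entity-baseline check over AWS VPC flow log records.

Added example for this post; NOT Stealthwatch Cloud code and NOT Cisco's
entity-modeling algorithm. Sample records and thresholds are constructed.
"""
from collections import defaultdict

# Default VPC flow log v2 field order (as documented by AWS).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: five ordinary HTTPS flows from 10.0.1.10, then one
# large SSH flow to an outside host, then a NODATA row with no flow fields.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49153 443 6 18 3800 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.21 49154 443 6 22 4200 1700000120 1700000180 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49155 443 6 19 3900 1700000180 1700000240 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49156 443 6 21 4100 1700000240 1700000300 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 198.51.100.7 49157 22 6 300 900000 1700000300 1700000360 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000360 1700000420 - NODATA
"""


def parse_flow_log(text):
    """Parse v2 flow log lines into dicts; drop malformed and NODATA/SKIPDATA rows."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":  # no flow fields to learn from
            continue
        for k in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[k] = int(rec[k])
        records.append(rec)
    return records


class EntityModel:
    """Per-source-address baseline: peers/ports seen and bytes per flow."""

    def __init__(self):
        self.peers = defaultdict(set)   # srcaddr -> {(dstaddr, dstport, proto)}
        self.bytes = defaultdict(list)  # srcaddr -> [bytes observed per flow]

    def learn(self, rec):
        self.peers[rec["srcaddr"]].add((rec["dstaddr"], rec["dstport"], rec["protocol"]))
        self.bytes[rec["srcaddr"]].append(rec["bytes"])

    def score(self, rec, factor=10):
        """Return the reasons (possibly none) this flow deviates from baseline."""
        src = rec["srcaddr"]
        reasons = []
        key = (rec["dstaddr"], rec["dstport"], rec["protocol"])
        if key not in self.peers[src]:
            reasons.append("new peer/port %s:%d/%d" % key)
        hist = self.bytes[src]
        if hist:
            mean = sum(hist) / len(hist)
            if rec["bytes"] > factor * mean:
                reasons.append("bytes %d exceed %dx baseline mean %.0f"
                               % (rec["bytes"], factor, mean))
        return reasons


def detect_anomalies(records, train_n):
    """Learn from the first train_n records, then score (and keep learning from) the rest."""
    model = EntityModel()
    for rec in records[:train_n]:
        model.learn(rec)
    alerts = []
    for rec in records[train_n:]:
        reasons = model.score(rec)
        if reasons:
            alerts.append((rec["srcaddr"], rec["dstaddr"], reasons))
        model.learn(rec)
    return alerts


if __name__ == "__main__":
    for src, dst, why in detect_anomalies(parse_flow_log(SAMPLE_LOG), train_n=5):
        print(src, "->", dst, ";", "; ".join(why))
```

The sixth record trips both checks (a destination/port pair never seen for 10.0.1.10, and a byte count far above that host's mean), which is the kind of "sudden change in behavior" the post describes. A real product models far more than this (time of day, role, peer groups, accept/reject ratios), but the input it has to work from is exactly these metadata fields.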

Profile Creation via API - ****DO NOT DO THIS WITH YOUR ISE PRODUCTION ENVIRONMENT****

This video is a little different from the previous ones I’ve created. I’m starting it out by saying that you should NOT do this in production; this is only for a lab environment. This method is not supported by Cisco, and we’re pretty much using a hack to create these profiles. If you call TAC because this doesn’t work or you break something, you’re not going to get support for it. That being said, it still has a very good use. Let’s say you do an endpoint dump of your production environment and you need to create a large number of custom profiles. In that situation, you can spin up a lab virtual machine, create the profiles there using this method without risking your production environment, and then export the profiles as one bulk file from that lab system using the Export option in Policy > Profiling.

Quick ISE XML Profile Creator

In this video, we’re going to walk through how to use a special Excel spreadsheet that helps you create ISE profile XML quickly on the fly. It’s probably not going to be a huge time-saver if you’re only creating one profile, but it’ll be very useful when you have to do dozens. You can also take the spreadsheet output and script the XML generation to produce cleaner files.

ISE Custom Profiles: Can't See The Forest From The Trees

When it comes to profiling endpoints, I’ve noticed that even some of the more ISE-focused engineers see it as something magical and vague that happens behind the scenes. This is not specific to ISE, either. I don’t think I’ve ever seen a network access control product with 100% profiling fidelity, or one that is as granular as a customer might expect it to be. I would say that the built-in profiles for ISE probably identify 90% of endpoints, at least at a high level. The purpose of this blog post is to remove some of that behind-the-scenes magic so you can make profiling work for you.