Solved

Enrich DHCP Logs, With ISE Cisco Logs. To see Switchports

1 year ago
26 September 2022
2 replies
132 views

Mike Furrer
Inspiring
8 replies

Hi there.
So we Have a Alert rule, that alerts us when a Unknown and New Device, leases a DHCP Adress, to prevent unwanted Physical Access.
Now We wanted to Enrich said DHCP log, by adding Information of our ISE/Switch Logs, so that when we get the Incident from the Alert rule, we also see what Switch and Switchport, this Unknown device is Hanging at.
We are Pretty sure that should be Possible, but I haven’t figured out how yet.

Cheers Mike Furrer

icon

Best answer by Prabesh.B 3 October 2022, 08:35

View original

2 replies

A

Anonymous
0 replies
1 year ago
27 September 2022

@Prabesh Bhatta maybe you can assist? :)

Prabesh.B
LogPoint Team
9 replies
1 year ago
3 October 2022
Answer

Hi Mike,

You can create a Dyaminc table extracting the needed information from ISE/Switch Logs. Once you have the table you can use that table to enrich the DHCP log just like we can enrich with a CSV file. You might need to hit and trail to see if this works or not.

Useful Links:

https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/List%20and%20Tables.html

https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/Enrichment%20Sources.html#adding-iptohost-as-an-enrichment-source

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded