Splunk® Supported Add-ons

Splunk Add-on for Cisco ISE

Workflow actions in the Splunk Add-on for Cisco ISE

The Splunk Add-on for Cisco ISE includes a set of workflow actions that let you proactively act on received network security syslog events and quarantine or unquarantine an endpoint directly from the Splunk platform.

To use the workflow actions, you must either be a Splunk administrator or a user with the appropriate capability:

  • list_storage_passwords if you are using Splunk platform 6.5.0 or later
  • admin_all_objects if you are using an earlier version of the Splunk platform

Field or event                        Workflow action
------------------------------------  ---------------------------------------
EPS_Quarantine_By_Framed_IP_Address   EPS quarantine by framed IP address
EPS_QuarantineByIPAddress             EPS quarantine by IP address
EPS_QuarantineByMAC                   EPS quarantine by MAC address
EPS_UnquarantineByIPAddress           EPS unquarantine by IP address
EPS_UnquarantineByMAC                 EPS unquarantine by MAC address
pxGrid_QuarantineByIP                 pxGrid ANC quarantine by IP address
pxGrid_UnQuarantineByIP               pxGrid ANC unquarantine by IP address
pxGrid_QuarantineByMAC                pxGrid ANC quarantine by MAC address
pxGrid_UnQuarantineByMAC              pxGrid ANC unquarantine by MAC address

Last modified on 11 February, 2020
 

This documentation applies to the following versions of Splunk® Supported Add-ons: released

