# Cisco Identity Services Engine In this guide, you'll configure Cisco Identity Services Engine (ISE) to send logs to Radiant Security. Cisco ISE provides centralized network authentication, authorization, and accounting (AAA), generating security data on authentication attempts, authorization decisions, endpoint compliance, and access violations—all critical for threat detection and analysis. #### Prerequisites * [ ] Administrative access to Cisco ISE Admin Portal * [ ] Network connectivity between Cisco ISE and the Radiant Security Agent * [ ] Radiant Security Agent installed and configured (see prerequisites below) ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings > Data Connectors** and click **+ Add Connector**. 3. Search for and select the **Radiant Agent** option and then click **Data Feeds**, then select the **Cisco Identity Services Engine** and click **Credentials**. 4. Under **Credential Name**, give the credential an identifiable name (e.g., `Radiant Agent Integration`). If you already have a credential in place, select it from the drop-down menu. 5. Click **Add Connector**. 6. Click **Done** to save your changes. ### Configure a local Radiant Security Agent Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs. Once installed, the agent will act as the syslog receiver for Cisco ISE. Before you begin the [**Configure logging in Cisco ISE section**](#configure-logging-in-cisco-ise), ensure you have the following information from your agent installation: * The **IP address** or **hostname** of the server on which the Radiant Security Agent is installed. * The **port** configured for receiving Cisco ISE data. ### Configure logging in Cisco ISE To configure logging in Cisco ISE, you'll need to first configure a remote logging target and then map it to the intended log categories to forward auditable events. #### **Configure Remote Logging Target** 1. In the Cisco ISE GUI, click the **Menu** icon and choose **Administration** > **System** > **Logging** > **Remote Logging Targets**, then click **Add**. 2. Configure the following settings: * **Name**: Enter a descriptive name for the remote syslog server (e.g., `Radiant_Security_Syslog`). This is used for identification purposes. * **Target Type**: Select **TCP Syslog** * **Status**: Select **Enabled** * **Description**: (Optional) Enter a brief description of the target * **Host/IP Address**: Enter the IP address or hostname of the server running the Radiant Security Agent

Note: If using a Fully Qualified Domain Name (FQDN), configure DNS caching to avoid performance impact. Without DNS caching, ISE queries the DNS server each time a syslog packet is sent, which can severely impact performance. Use the service cache enable hosts ttl 180 command on all PSNs in the deployment.

* **Port**: Enter the port number the Radiant Security Agent is listening on (`6514`). Ensure the port is not blocked by firewalls. A valid range includes 1-65535 * **Facility Code**: Select **Local6** * **Maximum Length**: Set to `8192` * **Include Alarms For this Target**: Yes * **Comply to RFC 3164**: Yes 3. Click **Save** to create the remote logging target. When prompted with the warning **"You have chosen to create an unsecure (TCP/UDP) connection to the server. Are you sure you want to proceed?"**, click **Yes** to confirm. #### **Map Remote Logging Target to Categories** 1. In the Cisco ISE GUI, click the **Menu** icon and choose **Administration** > **System** > **Logging** > **Logging Categories**. 2. For **Log Categories,** select the parent categories: * `AAA Audit` * `AAA Diagnostics` * `Accounting` * `Administrative and Operational Audit` * `Posture and Client Provisioning Audit` * `Profiler` * `External MDM` * `Passive ID` 3. For **Log Severity Level**, select `INFO`. Some severity levels cannot be changed, so leave them as is. 4. For **Local Logging**, disable this setting if you do not want to save logs on the PSN generating them. 5. Under the **Targets** section, use the arrow icons to move the `Radiant_Security_Syslog` target from the **Available** area to the **Selected** area. This associates your remote logging target with the category. 4\. Click **Save** to apply the changes for each category. For more information on how to configure an external syslog server on ISE, check out [Configure External Syslog Server on ISE](https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/222223-configure-external-syslog-server-on-ise.html). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/cisco-identity-services-engine.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.