Shortcut: cs.co/nvm
This is a jump off point for Cisco Network Visibility (NVM) to other resources on the solution and product.
Demo
cs.co/selling-ise-demos
For CESA options, use the following demos, check the page above for the latest:
- Cisco ISE 3.1 Enterprise, Security & Ecosystem Integrations
- Cyber Defense Clinic
CESA Solution
NVM Collector
Cisco Anyconnect NVM Module
Cisco SecureX solution
How can I use Cisco NVM data?
- Directly implement a collector via the nvzFlow (IPFIX+) protocol. [mostly vendors and partners do this not customers] https://developer.cisco.com/site/network-visibility-module/
- Point their NVM Collector at a syslog compliant server and handle the 3 syslog feeds directly.
Note there is also a plugin for Kafka that ships with the collector so that they can use ELK
- Use Splunk and our existing integration offering.(CESA POV - Cisco Endpoint Security Analytics)
Does NVM work with IBM QRadar?
QRadar natively supports IPFix (without the need for the NVM collector). Anyconnect NVM module will point to IBM Qradar collector for data ingestion.
- There may be unique fields that you want to bring in from your nvzFlows. You can add Ariel Tagged Fields for these items using the POST /Ariel/taggedfields API. Note that the "tag" field will be the combination of your PEN and information element ID (tag = PEN << 16 | IE).
- Also not all NVM fields can be directly mapped to the QRadar equivalent, the additional fields need to be imported through additional APIs.
- IBM customer would have to work with their own analytics dashboard. In short its more work on IBM team from implementation perspective if they want to go that way
If you have questions please reach out to IBM support team as this is the only information we have from Cisco as we don't support or have an app for it.
Where can I find information about NVM?