
Cisco Secure Workload- Connectors

Cisco Secure Workload is a hybrid-cloud workload protection product designed to safeguard compute instances in both private clouds and on-premises data centers.

This comprehensive workload protection is delivered using machine learning, behaviour analysis, and algorithmic approaches. From the customer's perspective, the main challenge is delivering a secure infrastructure without sacrificing agility.

Cisco Secure Workload Connectors are integrations that Secure Workload provides for a range of use cases such as flow ingestion, inventory enrichment, endpoint context, and alerts.

Fig 1.1- Cisco Secure Workload- Connectors

NetFlow Flow Ingest Connector

  • Telemetry data from various network devices (such as routers and switches) is collected.
  • Telemetry data may be ingested via the IPFIX and NetFlow V9 protocols.
  • Because the telemetry provides network context, it can be used to discover inventory.
  • The connector converts data from flow exports and sends it securely as Secure Workload flow records.
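
A pre-check an operator can run on an exporter's output before pointing it at the connector, given as an added example that is not from the original page or from Cisco: it reads the version field of a flow-export datagram to tell NetFlow v9 (version 9) from IPFIX (version 10) and rejects anything else. The function name and the sample datagrams are constructed for illustration.

```python
import struct

# Header layouts in network byte order: NetFlow v9 (RFC 3954), IPFIX (RFC 7011).
V9_HEADER = struct.Struct("!HHIIII")    # version, count, sysUpTime, unixSecs, sequence, sourceId
IPFIX_HEADER = struct.Struct("!HHIII")  # version, length, exportTime, sequence, domainId


def classify_export(datagram: bytes) -> dict:
    """Identify the export protocol of one UDP payload and parse its header."""
    if len(datagram) < 2:
        return {"protocol": "unknown", "ok": False, "reason": "truncated"}
    (version,) = struct.unpack_from("!H", datagram)
    if version == 9:
        if len(datagram) < V9_HEADER.size:
            return {"protocol": "netflow-v9", "ok": False, "reason": "short header"}
        _, count, _, secs, seq, source_id = V9_HEADER.unpack_from(datagram)
        return {"protocol": "netflow-v9", "ok": True, "records": count,
                "export_time": secs, "sequence": seq, "domain": source_id}
    if version == 10:
        if len(datagram) < IPFIX_HEADER.size:
            return {"protocol": "ipfix", "ok": False, "reason": "short header"}
        _, length, secs, seq, domain = IPFIX_HEADER.unpack_from(datagram)
        # IPFIX declares the total message length; it must cover the header
        # and cannot exceed the bytes actually received.
        if length < IPFIX_HEADER.size or length > len(datagram):
            return {"protocol": "ipfix", "ok": False, "reason": "bad length"}
        return {"protocol": "ipfix", "ok": True, "export_time": secs,
                "sequence": seq, "domain": domain}
    # For example NetFlow v5, which is neither of the two protocols listed above.
    return {"protocol": f"version-{version}", "ok": False,
            "reason": "unsupported version"}


# Constructed sample datagrams (header plus filler bytes), not captured traffic.
SAMPLE_V9 = V9_HEADER.pack(9, 2, 123456, 1700000000, 41, 7) + b"\x00" * 8
SAMPLE_IPFIX = IPFIX_HEADER.pack(10, 20, 1700000000, 42, 7) + b"\x00" * 4
SAMPLE_V5 = struct.pack("!HH", 5, 1) + b"\x00" * 20

if __name__ == "__main__":
    for name, pkt in [("v9", SAMPLE_V9), ("ipfix", SAMPLE_IPFIX), ("v5", SAMPLE_V5)]:
        print(name, classify_export(pkt))
```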

F5 Flow Ingest Connector

  • Collects telemetry data from the F5 BIG-IP ADC, including client, server, and user context.
  • Enables flow visibility for traffic load balanced by the F5 BIG-IP ADC.
  • The connector also links client-to-ADC and ADC-to-server flows and presents them as related flows for a given transaction.

NetScaler Flow Ingest Connector 

  • Gathers telemetry data from Citrix NetScaler (also known as Citrix ADC) equipment.
  • Allows for flow visibility of traffic load balanced by the Citrix NetScaler appliance.
  • The connector also links client-to-ADC and ADC-to-server flows and presents them as related flows for a given transaction.

Cisco ASA Flow Ingest Connector

  • Collects telemetry data from Cisco ASA firewalls, including client and server context.
  • Enables flow visibility for traffic passing through Cisco ASA firewalls.
  • The connector also links client-side and server-side flows and presents them as related flows for a given transaction.

Meraki Firewall Flow Ingest Connector

  • Gathers telemetry data from Meraki Firewalls.
  • Because the acquired telemetry provides network context, it can be used to discover inventory.
  • The connector converts data from flow exports and sends it securely as Cisco Secure Workload flow records.

ERSPAN Flow Ingest Connector

  • Allows Secure Workload to ingest flow observations from network routers and switches.
  • When Secure Workload software agents cannot be installed on particular workloads, this is a viable option.
  • Cisco switches forward the hosts' traffic to the ERSPAN connector for processing.

Cisco AnyConnect Endpoint Connector

  • Telemetry data is collected via the Cisco AnyConnect Network Visibility Module (NVM).
  • AnyConnect NVM enables visibility and monitoring of endpoint and user behaviour both on and off premises.
  • It transmits host, interface, and flow records in IPFIX format to a collector (e.g., AnyConnect connector).
  • The AnyConnect connector registers each AnyConnect endpoint as an agent within Cisco Secure Workload and provides insight into endpoint network behaviour.

Cisco ISE Endpoint Connector

  • Gathers data about endpoints and inventories maintained by Cisco ISE appliances.
  • Registers each endpoint as an agent in Cisco Secure Workload and annotates inventory with Cisco ISE appliance information such as security group tags, device types, and user attributes from Active Directory.
  • Because the ISE connector performs inventory enrichment, it is advised that it be deployed alongside connectors that provide flow telemetry data (such as ASA and AnyConnect).

ServiceNow Inventory Enrichment Connector

  • Collects CMDB information and service records from a ServiceNow instance and enriches endpoint inventories with CMDB attributes.

Syslog Alert Connector

  • Allows Cisco Secure Workload alerts to be streamed to a syslog server.
  • Provides default severity mappings, which may be customized.

Email Alert Connector

  • Allows Secure Workload notifications to be emailed to one or more email addresses.
  • The SMTP username and password are optional. If no username is supplied, Secure Workload connects to the SMTP server without authentication.
  • Alert messages are delivered to the Default Recipients list. If necessary, this can be modified per alert in the Alert settings.

Slack Alert Connector

  • Enables notification of Secure Workload alerts to users on Slack channels.
  • Secure Workload alerts are published to the specified Slack webhook.

PagerDuty Alert Connector

  • Enables paging of Secure Workload alerts.
  • A PagerDuty service key is specified for pushing Secure Workload alerts to PagerDuty.

How are Connectors Developed and Maintained?

Secure Workload is used to activate and manage connectors (including configuration management). Each connector is activated on one of two types of virtual appliances, or on a cloud connector in the case of the AWS connector (BETA). The two virtual appliances are Secure Workload Ingest and Secure Workload Edge.