Hello Rapid 7 Community,
I wanted to put this out here and see if anyone by chance has successfully configured Cisco ISE logs to come into Rapid 7 using the already existing product types in InsightIDR and have the Authentication logs enrich the case data.
To keep this short I discovered yesterday I have a hole in my authentication log data, where my logs show a user getting locked out and having nothing but successful authentications when pulling the logs into the case management platform.
My question is if you have successfully done this what product type did you choose and why? I am currently testing the Universal Ingress Auth one today. But just wanted to collect feedback from you guys and see if anyone else has overcome this challenge.