05-02-2017 10:52 AM
I am in the process of deploying a new SIEM and would prefer to use NetMRI's CLI access as a "jump box".
However, I would like to know if I can create a user in NetMRI that is automatically endowed with the proper login/enable credentials so that I do not have to configure yet another appliance with such credentials on my network.
05-05-2017 11:44 AM
There is some information missing to fully answer this; however, in general it is possible to use the CLI-PROXY feature in NetMRI 7.1 and later to do so.
The required setup to do so will depend on your authentication mechanism for your networking equipment and if your NetMRI super CLI user can be allowed access.
You will also need to deploy some form of macros on your SIEM in order to navigate through the CLI prompts to the devices you want to poll.
05-05-2017 12:28 PM
Yes, I realized that I was pretty vague in my question.
Basically what we are trying to achieve is 'least privilege'. So while we want this appliance to analyze our network, we don't want to have 'yet another appliance' with the enable credentials to 3000+ critical devices. So my hope was to have the ability for the appliance to use the NetMRI CLI as a 'jump box'. The only credentials I would then need to give the new appliance are its own login to NetMRI; once there, the appliance (probably through a plug-in or macros as you suggested) would 'connect' to the needed devices and NetMRI would supply the credentials.
But I think this is no longer an issue since I just found out that next month starts a project to deploy Cisco ISE throughout and we will be better able to lock down AAA accounts.
Thank you though!