topic Re: ISE posture condition for critical security OS patches in Network Access Control

ISE posture condition for critical security OS patches

jitendrac — Mon, 11 Jul 2022 16:49:36 GMT

Hi All ,
We have ISE 3.0 setup for one of customer. I am trying to build posture condition to validate if windows 10 endpoint has latest critical security patches installed.
Customer do not have WSUS or SCCM which can be leverage under patch management condition.
I can see some cisco predefined compound condition "pr_Win10_64_Hotfixes" and "pr_Win10_32_Hotfixes" however i can not see same while creating Requirements ?
Any idea how can i use "pr_Win10_64_Hotfixes" and "pr_Win10_32_Hotfixes" in posture requirements
OR
Any better way to create posture condition for validation on windows 10 critical security updates ?

I have gone through https://community.cisco.com/t5/network-access-control/how-to-configure-ise-posture-to-check-windows-10-is-running-the/td-p/4043406 but not able to understand .

Re: ISE posture condition for critical security OS patches

hslai — Wed, 13 Jul 2022 12:17:58 GMT

See ISE 3.1 Admin Guide / Chapter: Compliance / Posture Assessment Requirements / Create Client Posture Requirements

Note
To create a Posture Requirement to validate all Windows 10 hotfixes in the environment, you must configure the Conditions area of your Requirement to include both pr_Win10_32_Hotfixes and pr_Win10_64_Hotfixes via AND '&' statement. To view the details of the validated conditions for an endpoint, from the main menu, choose Operations > Reports > Reports > Endpoints and Users > Posture Assessment by Endpoints. Click the endpoint to view the corresponding posture details.

(view in My Videos)

Re: ISE posture condition for critical security OS patches

jitendrac — Tue, 12 Jul 2022 05:44:55 GMT

Hi hslai ,

Customer do not have WSUS or SCCM. They only have Desktop Central from ManageEngine which i believe is not supported by ISE . So i need some other way to create posture condition for validation on windows 10 critical security updates.

Not sure how i should move forward ?

Re: ISE posture condition for critical security OS patches

hslai — Wed, 13 Jul 2022 00:47:50 GMT

I edited my reply above.

Re: ISE posture condition for critical security OS patches

jitendrac — Wed, 13 Jul 2022 05:29:36 GMT

Hi Hslai ,

Can you please check my attached screen shot of condition that i have created ?

Re: ISE posture condition for critical security OS patches

jitendrac — Wed, 13 Jul 2022 05:54:03 GMT

When i click on submit i am getting an error as attached

Re: ISE posture condition for critical security OS patches

hslai — Wed, 13 Jul 2022 13:26:02 GMT

I included a video in my post above.

Re: ISE posture condition for critical security OS patches

jitendrac — Wed, 13 Jul 2022 15:38:23 GMT

Thanks hslai for taking time to create video for me. Really appreciate your work.
With your help I am able to create Requirement and Posture Policy. I will this test this posture policy in UAT environment .
Once again thank you very much for your help

Re: ISE posture condition for critical security OS patches

jitendrac — Mon, 25 Jul 2022 10:37:27 GMT

Hi hslai ,

We have tested above pr_Win10_32_Hotfixes and pr_Win10_64_Hotfixes today 25 July 2022 on sample windows 10 Machine. There is report generated in Operations > Reports > Reports > Endpoints and Users > Posture Assessment by Endpoints however I am not sure how to interpret the result

Does passed condition give patches found and Failed Condition gives patches not found ?

Re: ISE posture condition for critical security OS patches

Marcelo Morais — Mon, 25 Jul 2022 12:08:13 GMT

Hi @jitendrac ,

yes, please click on the Detail icon of the Posture Assessment by Endpoint, there is a Posture Policy Details window with the following columns: Passed Conditions and Failed Conditions., for a better understanding of the conditions.

Hope this helps !!!

Re: ISE posture condition for critical security OS patches

jitendrac — Wed, 03 Aug 2022 07:07:33 GMT

Hi Marcelo,

Thanks for response can you please guide me on my below 2 query

1. How to interpret the result ? Does passed condition give applicable patches installed , Failed Condition gives applicable patches not installed and skipped condition give patches that were not applicable ?

2. In ISE GUI the result is not listed line by line . It is very difficult to read the result . Is there any log files where we can view result properly ?

Re: ISE posture condition for critical security OS patches

jitendrac — Wed, 03 Aug 2022 07:10:06 GMT

When we hover the mouse we get some details but not sure how this can extracted in proper format

Re: ISE posture condition for critical security OS patches

Marcelo Morais — Wed, 10 Aug 2022 04:18:11 GMT

Hi @jitendrac ,

At Work Centers > Posture > Posture Policy, at Requirements column, you are able to choose Mandatory, Optional and Audit for each requirement.
At Work Centers > Posture > Reports > Reports > Posture Assessment by Condition, at Condition Status column, you have the Passed, Failed and Skipped results.
Skipped is a Condition Status when End Users are allowed to skip the specified requirement because of the Optional Requirement.

Yes about the Passed/Failed Condition Status.

Note 1: you can use Posture Assessment by Condition (result is listed line by line)

Note 2: you can also use the Work Centers > Posture > Troubleshoot tool.

Hope this helps !!!