https://community.cisco.com/t5/network-access-control/tenable-ise-integration/m-p/4697145#M577517 <P>As you have seen you may use any of the attributes at your disposal to craft an authorization rule with CVSS score. I don't know what the "plugin id" is that you are referring to but if it is available in a RADIUS attribute from Tenable or other source then it could be used.</P> Sat, 01 Oct 2022 22:10:22 GMT thomas 2022-10-01T22:10:22Z https://community.cisco.com/t5/network-access-control/tenable-ise-integration/m-p/4693720#M577391 <P>I have started the process of integrating ISE and Tenable to allow ISE to trigger scans on endpoints based on how long its been since the last scan.&nbsp; Now that I have some results I am wondering if I can craft policy sets so that a device is allowed access based on a plugin-id.&nbsp; I can see that their are dictionary attributes that allow me to add a CVSS score outcome to the policy set matrix but sometimes that may be a little too much of a cleaver action.&nbsp; For example currently we are still supporting legacy webapps that require IE which is listed as a CVSS score of 10 by tenable so I would want to say something like device has a score of ten but not because of the plugin id for having IE installed.</P> Mon, 26 Sep 2022 13:11:46 GMT https://community.cisco.com/t5/network-access-control/tenable-ise-integration/m-p/4693720#M577391 blackhawk127 2022-09-26T13:11:46Z https://community.cisco.com/t5/network-access-control/tenable-ise-integration/m-p/4697145#M577517 <P>As you have seen you may use any of the attributes at your disposal to craft an authorization rule with CVSS score. I don't know what the "plugin id" is that you are referring to but if it is available in a RADIUS attribute from Tenable or other source then it could be used.</P> Sat, 01 Oct 2022 22:10:22 GMT https://community.cisco.com/t5/network-access-control/tenable-ise-integration/m-p/4697145#M577517 thomas 2022-10-01T22:10:22Z