Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
942
Views
2
Helpful
3
Replies

Cisco Secure Endpoint as Posture Checking Agent On ISE

Connor Fowler
Level 1
Level 1

‎07-26-2023 08:26 AM

Hello Everyone, 

I was hoping someone could help me out with understanding the posture checking on Cisco ISE. 

The short question is: can I use the Cisco Secure Endpoint as the agent that will send the posture updates to Cisco ISE or will it only work with the Anyconnect agent?

I would like to limit the amount of software I need to install on endpoints and we have already provided the Cisco Secure Enpoint software for the site.

Appreciate the help!

Kind regards, 

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-26-2023 08:55 AM

Secure endpoint (for AMP for Endpoints) cannot act as a source of posture evaluation for ISE. You need either the ISE Posture agent or one of the options like temporal agent (installs dynamically and then removes itself only to check posture at connection time) or agentless posture (uses a service account of the host to report to ISE).

Connor Fowler
Level 1
Level 1
In response to Marvin Rhoads

‎07-31-2023 06:22 AM

Thanks, Marvin!

0 Helpful

Ken Stieers
VIP
VIP

‎07-26-2023 08:57 AM

No, but that's an interesting use case... but to get all of the info you'd want, you'd need to be on Secure Endpoint Advantage (you'd need Orbital)... but in the end, slow.
The posture language in ISE needs that specific piece as part of the Cisco Secure Client/AnyConnect stack.
You can add the ISE posture module to the headend so it gets installed when they connect, you don't have to push it...
Or if you use CSC cloud management, you can deploy it by just adding it to the deployment, and your endpoints should pick it up.

Customers Also Viewed These Support Documents