cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

145
Views
0
Helpful
1
Replies
Cisco Employee

ISE 2.4 Posture (custom attributes)

Hi team,

 

Question:

'Our concern is mainly about the solution for windows update/patch check for the environment where not all critical/important KB updates (released by Microsoft) are getting installed to all client, instead specific KB updates are installed based on complete impact assessment which takes almost 2-3 month of time upon release.

 

ISE do have windows update/patch condition with check of specific KB file status/date which keeps updated upon installation of new update/patch. The condition content also get refreshed based on posture update, need to understand the way forward and solution to check custom KB’s installation status (if anything other than custom windows check posture condition with specific KB file check, since this require manual modification in Windows update posture condition content which needs to be refreshed manually whenever specific KB’s are getting deployed on client system) and impact if any with such customized Posture check condition options instead pre-defined condition for Windows update/patch check.'

 

Looking at the above, I am assuming this will always be a manual process as only they will know what patches they install?

 

Many thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: ISE 2.4 Posture (custom attributes)

You can certainly use individual KB check but that would be time consuming to do so. I would recommend using Windows update check or SCCM within patch management posture policy depending on whether these are BYOD or corporate device. This will allow you to define which patches are needed in a single place on remediation server.

1 REPLY 1
Highlighted
Cisco Employee

Re: ISE 2.4 Posture (custom attributes)

You can certainly use individual KB check but that would be time consuming to do so. I would recommend using Windows update check or SCCM within patch management posture policy depending on whether these are BYOD or corporate device. This will allow you to define which patches are needed in a single place on remediation server.