Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2443
Views
5
Helpful
2
Replies

ISE Posture remediation actions

Go to solution
danhamil
Cisco Employee
Cisco Employee

‎04-29-2019 12:29 PM

Team,

I have a few questions regarding setting up Posture remediation actions in ISE:

 

  1. Is ISE able to automatically install a missing file to a directory different than the "My Documents" directory? Default behavior is to prompt the user to install file in the My Documents directory.  Is it possible to specify a set directory instead?
  2. Can ISE restart a service without installation as a remediation action?
  3. If the remediation action is set to "Message Text Only", and you allow the machine onto the network without restrictions, can an alarm be sent to a specified email address? I didn't see any alarms for failed posture in the alarm settings section.

 

Thanks,

-Dan

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎04-30-2019 07:21 AM

Dan,

Based on what I could find, none of those options are supported today. Please reach out to the PM team to submit a feature request.

Regards,
-Tim

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎04-30-2019 07:21 AM

Dan,

Based on what I could find, none of those options are supported today. Please reach out to the PM team to submit a feature request.

Regards,
-Tim
0 Helpful

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎04-30-2019 02:34 PM

Following are answers to your questions:

1. You could use a script that would pull a file down and place it wherever you want.  But that script would have to be prepositioned on the machines.  In your remediation action, you would use launch program and specify your script information.  Or it could just be a command-line that you launch to copy from a shared folder (i.e. "copy \\<server ip>\folder\filename C:\folder\filename").

2. Yes, you can stop, start, restart services using the launch program remediation action.  The command would be "net start <servicename>" to start a service.

3. I assume you mean that you want to present a dialog box to the user but still allow them access to the network.  If that is correct, then you would have to set that requirement to "optional."  The problem is that for "optional" and "audit", all posture compliance shows as passed/compliant.  You would have to run reports to see which endpoints failed on certain checks.  Another option would be to process the Syslog events for "Posture and Client Provisioning Audit".  You would have to script the processing or create a parser in your Syslog server tool.

HTH,

Colby

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents