Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3885
Views
0
Helpful
6
Replies

Auto remediation of IBM BIGFIX (IEM)

Go to solution
dngore
Cisco Employee
Cisco Employee

‎01-14-2017 08:15 AM

Hi,

We are working on PoC for a customer to get order for ISE.

Customer has IBM BIGFIX for patch management and endpoint management for maintaining different agents.

ISE supports IBM BIGFIX for posture compliance perspective.

Does it support auto remediation for IBM BIGFIX? If yes then how it works? Will ISE posture agent trigger IEM agent (BES agent) to communicate with IEM server and download required patches or agent software?

Kindly help to get more insight on this so that we can demonstrate it in PoC.

Kindly share if any detail document is available on this.

Regards,

D.M.Gore

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10
In response to dngore

‎01-18-2017 07:51 AM

There is a long and escalated thread on this and other questions related to IEM integration that was raised with BU.  Please use that internal communication.  In short, current OPSWAT support for IEM is limited in its options for remediation. Triggering the UI means that AnyConnect will trigger the BigFix (IEM) client to display the IEM client user interface which would provide more details on compliance status and policy updates.  It is basically forcing the end user to open the patch management client to remediate before proceeding.

/Craig

View solution in original post

0 Helpful
6 Replies 6

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-17-2017 07:12 PM

ISE is not currently having update remediation support for BigFix.

0 Helpful

Go to solution
dngore
Cisco Employee
Cisco Employee
In response to hslai

‎01-17-2017 11:34 PM

Thanks for confirming non-availability of automatic patch installation for IBM IEM.

But ISE shows support for "show UI Remediation support" or "Activate patch management software GUI" as one of the remediation actions for IBM IEM patch management remediation. It is valid for IBM Endpoint Manager and IBM Endpoint Manager Client. What it does? and why it is for IEM Manager? Does it mean that ISE will activate software on IEM server?

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to dngore

‎01-18-2017 07:51 AM

There is a long and escalated thread on this and other questions related to IEM integration that was raised with BU.  Please use that internal communication.  In short, current OPSWAT support for IEM is limited in its options for remediation. Triggering the UI means that AnyConnect will trigger the BigFix (IEM) client to display the IEM client user interface which would provide more details on compliance status and policy updates.  It is basically forcing the end user to open the patch management client to remediate before proceeding.

/Craig

0 Helpful

Go to solution
dngore
Cisco Employee
Cisco Employee
In response to Craig Hyps

‎01-18-2017 09:15 AM

Thx Craig for reply.

Can user update patches by accessing patch management client GUI without admin right?

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to dngore

‎01-18-2017 09:35 AM

Per previous...

"There is a long and escalated thread on this and other questions related to IEM integration that was raised with BU.  Please use that internal communication." 

Let's avoid multiple discussions on same topic.  To close out this post, AC requires admin privs for initial install.  If IEM client is installed, then it should have the necessary privilege to install patches. The server is working through the client.

/Craig

0 Helpful

Go to solution
wkariuki
Level 1
Level 1
In response to Craig Hyps

‎06-17-2020 02:56 AM

@craig, am curently having this problem; what was the solution? any documentation?
0 Helpful
Customers Also Viewed These Support Documents