cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3672
Views
0
Helpful
6
Replies

Auto remediation of IBM BIGFIX (IEM)

dngore
Cisco Employee
Cisco Employee

Hi,

We are working on PoC for a customer to get order for ISE.

Customer has IBM BIGFIX for patch management and endpoint management for maintaining different agents.

ISE supports IBM BIGFIX for posture compliance perspective.

Does it support auto remediation for IBM BIGFIX? If yes then how it works? Will ISE posture agent trigger IEM agent (BES agent) to communicate with IEM server and download required patches or agent software?

Kindly help to get more insight on this so that we can demonstrate it in PoC.

Kindly share if any detail document is available on this.

Regards,

D.M.Gore

1 Accepted Solution

Accepted Solutions

There is a long and escalated thread on this and other questions related to IEM integration that was raised with BU.  Please use that internal communication.  In short, current OPSWAT support for IEM is limited in its options for remediation. Triggering the UI means that AnyConnect will trigger the BigFix (IEM) client to display the IEM client user interface which would provide more details on compliance status and policy updates.  It is basically forcing the end user to open the patch management client to remediate before proceeding.

/Craig

View solution in original post

6 Replies 6

hslai
Cisco Employee
Cisco Employee

ISE is not currently having update remediation support for BigFix.

dngore
Cisco Employee
Cisco Employee

Thanks for confirming non-availability of automatic patch installation for IBM IEM.

But ISE shows support for "show UI Remediation support" or "Activate patch management software GUI" as one of the remediation actions for IBM IEM patch management remediation. It is valid for IBM Endpoint Manager and IBM Endpoint Manager Client. What it does? and why it is for IEM Manager? Does it mean that ISE will activate software on IEM server?

There is a long and escalated thread on this and other questions related to IEM integration that was raised with BU.  Please use that internal communication.  In short, current OPSWAT support for IEM is limited in its options for remediation. Triggering the UI means that AnyConnect will trigger the BigFix (IEM) client to display the IEM client user interface which would provide more details on compliance status and policy updates.  It is basically forcing the end user to open the patch management client to remediate before proceeding.

/Craig

Thx Craig for reply.

Can user update patches by accessing patch management client GUI without admin right?

Per previous...

"There is a long and escalated thread on this and other questions related to IEM integration that was raised with BU.  Please use that internal communication." 

Let's avoid multiple discussions on same topic.  To close out this post, AC requires admin privs for initial install.  If IEM client is installed, then it should have the necessary privilege to install patches. The server is working through the client.

/Craig

@craig, am curently having this problem; what was the solution? any documentation?