cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
737
Views
0
Helpful
1
Replies

Can ISE define scan parameters for TC NAC in ISE?

joeshoj
Cisco Employee
Cisco Employee

Scenario: Customer waits 30 days to deploy MS Windows patches to ensure the patches are stable.  In this instance, their vulnerability scanner lists their windows machines as having high-scoring CVSS scores during this 30 day period.  Is there a way to exempt CVSS scores that are for vulnerabilities less than 30 days old, basically adjust the ISE policy to match their business requirements.


My understanding is that ISE simply receives the quarantine message from the AMP cloud and doesn't look at CVSS.

Thank you.

Joe

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

I don't think such a feature exists - this to me seems like something AMP would need to have as a way to not report a vulnerability until after X amounts of days due to customer procedures

imran.bashir1 is expert on this and I will consult with him as well

Configure ISE 2.1 Threat-Centric NAC (TC-NAC) with AMP and Posture Services - Cisco

View solution in original post

1 Reply 1

Jason Kunst
Cisco Employee
Cisco Employee

I don't think such a feature exists - this to me seems like something AMP would need to have as a way to not report a vulnerability until after X amounts of days due to customer procedures

imran.bashir1 is expert on this and I will consult with him as well

Configure ISE 2.1 Threat-Centric NAC (TC-NAC) with AMP and Posture Services - Cisco