Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
0
Helpful
1
Replies

Can ISE define scan parameters for TC NAC in ISE?

Go to solution
joeshoj
Cisco Employee
Cisco Employee

‎10-28-2016 11:04 AM

Scenario: Customer waits 30 days to deploy MS Windows patches to ensure the patches are stable.  In this instance, their vulnerability scanner lists their windows machines as having high-scoring CVSS scores during this 30 day period.  Is there a way to exempt CVSS scores that are for vulnerabilities less than 30 days old, basically adjust the ISE policy to match their business requirements.


My understanding is that ISE simply receives the quarantine message from the AMP cloud and doesn't look at CVSS.

Thank you.

Joe

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎10-28-2016 11:48 AM

I don't think such a feature exists - this to me seems like something AMP would need to have as a way to not report a vulnerability until after X amounts of days due to customer procedures

imran.bashir1 is expert on this and I will consult with him as well

Configure ISE 2.1 Threat-Centric NAC (TC-NAC) with AMP and Posture Services - Cisco

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎10-28-2016 11:48 AM

I don't think such a feature exists - this to me seems like something AMP would need to have as a way to not report a vulnerability until after X amounts of days due to customer procedures

imran.bashir1 is expert on this and I will consult with him as well

Configure ISE 2.1 Threat-Centric NAC (TC-NAC) with AMP and Posture Services - Cisco

0 Helpful
Customers Also Viewed These Support Documents