
Cisco ISE Posture Condition DLP-ForcePoint Version Check

wavarevivek1
Level 1

Hi all,

We have Cisco ISE 2.7 patch 9 with AnyConnect 4.10.x and compliance module 4.3.x.x.

We have one requirement to check the DLP-Forcepoint version on all the endpoints as a posture condition.

Currently, we are checking agent presence via registry check condition.

Any suggestions?


Accepted Solutions

lohan
Cisco Employee

Hi wavarevivek1,

To check the version of DLP-Forcepoint on all endpoints, you will need to configure a custom posture condition in Cisco ISE.

Here's a general guide on how to do it:

  1. Go to the ISE interface: Navigate to the ISE GUI and then to Work Centers > Posture > Policy Elements > Conditions > Posture.

  2. Create a new condition: Click on Create to create a new posture condition.

  3. Specify the condition: In the Condition Type drop-down, select Registry Condition.

  4. Configure the registry condition: For a registry check, you will need to know the exact registry key where the version information for DLP-Forcepoint is stored. Usually, this is in the 'HKEY_LOCAL_MACHINE' or 'HKEY_CURRENT_USER' section of the Windows Registry. You might need to contact Forcepoint support to get this information if you don't have it. Once you have the registry key, enter it in the Registry Key field. In the Registry Value field, specify the version of DLP-Forcepoint you want to check for.

  5. Set the rule: After you've configured the registry condition, you can create a rule in the Posture Policy section. If the condition is met (the correct version of DLP-Forcepoint is installed), the endpoint can be marked as compliant. If the condition isn't met, the endpoint can be marked as non-compliant and remediation actions can be taken.

Please note that this is a very general guide, and the exact steps may vary depending on your specific ISE version and setup. Always test the condition on a small group of endpoints before rolling it out to all users to ensure it works as expected.

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Network Analytics (formerly known as Stealthwatch) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

Best Regards,
Henry
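
For step 4 of the answer above, one way to find the registry key and value to put in the condition is to search the standard Windows Uninstall keys on a reference endpoint and compare the version found against the required minimum. This PowerShell script is an added example, not part of the original post or of Cisco or Forcepoint documentation; it assumes the agent registers under the Uninstall keys with a DisplayName containing "Forcepoint", and `$MinVersion` is a placeholder to replace with your required build.

```powershell
# Added example: locate the registry value that carries the installed
# Forcepoint version so it can be used in an ISE registry posture condition.
# Assumptions: the agent registers under the standard Uninstall keys with a
# DisplayName containing "Forcepoint"; $MinVersion is a constructed placeholder.
param(
    [string]$NamePattern = '*Forcepoint*',
    [version]$MinVersion = '0.0.0.0'   # placeholder: set to your required build
)

# 64-bit and 32-bit (WOW6432Node) views of the machine-wide Uninstall hive.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$found = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p.DisplayName -like $NamePattern -and $p.DisplayVersion) {
            # Compare as [version], not as text: a string compare would
            # rank "8.10" below "8.9".
            $parsed = $null
            $ok = [version]::TryParse($p.DisplayVersion, [ref]$parsed)
            [pscustomobject]@{
                DisplayName = $p.DisplayName
                RegistryKey = $_.Name            # full key path for the condition
                ValueName   = 'DisplayVersion'
                ValueData   = $p.DisplayVersion
                Compliant   = $ok -and ($parsed -ge $MinVersion)
            }
        }
    }
}

if (-not $found) {
    Write-Warning "No entry matching '$NamePattern' under the Uninstall keys."
    exit 1
}
$found | Format-List
```

Run it on an endpoint with a known-good agent install and on one with an older build; both results should match what the posture condition reports during the pilot rollout.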
