
Beginner

Cisco ISE - Posture

Hi,

 

Is there a way to get the hardware property "Serial Number" with the AnyConnect agent?

 

1 ACCEPTED SOLUTION

Cisco Employee

Re: Cisco ISE - Posture

By default, there is a check called “Hardware_Attributes_Check” which can give you the hardware attributes of both Windows and Mac devices. These hardware attributes include:

  1. BIOS manufacturer, Model and Serial number
  2. CPU Name, speed, usage, no. of cores and processors
  3. Memory size and usage
  4. Hard disk
  5. UDID
  6. OS types, etc.


 

 

Create a policy with this condition and you would be able to gather the hardware properties of Windows and Mac devices.

Once posture is done, you would be able to find the details of the endpoint under Context Visibility > Endpoints > Hardware.

 


8 REPLIES
Rising star

Re: Cisco ISE - Posture

If you can find the registry key where the information is stored, you can have ISE check that registry key as a posture condition.

Cisco Employee

Re: Cisco ISE - Posture

Can you please elaborate on this? Since the AnyConnect agent is software, not hardware, I don't believe that we can gather that information from the agent.

Beginner

Re: Cisco ISE - Posture

Both macOS and Windows machines have an SN. Can I gather the information with the AC client as part of the posture process?

Cisco Employee

Re: Cisco ISE - Posture

This would not be Posture, but Profiling of the endpoint. In Posture, we set the condition on ISE and make sure the endpoint passes it in order to be compliant. It is not feasible to create multiple (registry check for SN) conditions for all the endpoints in the environment. The requirement you have is fetching the SN of the endpoint, which could be done in Profiling. I am not sure if this can be accomplished via the Profiling feature as of now. If not, it could be a valid enhancement. Hope this helps.

 

Regards,

Saurabh

Collaborator

Re: Cisco ISE - Posture

Hi,

 

AnyConnect Identity Extensions is available for both mobile and non-mobile platforms:

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118944-technote-anyconnect-00.html

https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

 

If you need thorough and detailed information about endpoints, make use of Context Visibility, but this is not done through AnyConnect:

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_01.html#TheHardwareTab

 

Regards,

Cristian Matei.

 

Cisco Employee

Re: Cisco ISE - Posture

Hi Oron, were you able to find a solution to this? I have a similar ask from a customer and have been looking into how to accomplish this. 

Cisco Employee

Re: Cisco ISE - Posture

Please see the ISE Posture Prescriptive Deployment Guide, under the section Agent Considerations, for a list of all possible Conditions that you can check for per Platform. It does show that you can get a Hardware Inventory for Windows and macOS, but it is unclear what that does or does not include. You can see the results of your Hardware Inventory under Context Visibility.
