02-03-2020 06:33 AM - edited 02-21-2020 11:13 AM
Hi,
is there a way to get Hardware properties "Serial Number" with anyconnect agent?
Solved! Go to Solution.
04-03-2020 11:09 PM
By default, there is a check called “Hardware_Attributes_Check” which can give you Hardware attributes of both Windows and MAC devices. These hardware attributes includes
Create a policy with this condition and you would be able to gather Hardware properties of windows and MAC Devices.
Once posture is done, You would be able to find the details of endpoint under Context visibility > endpoints > hardware.
02-03-2020 07:57 AM
If you can find the registry key where the information is stored, you can have ISE check that registry key as a posture condition.
03-14-2020 11:12 AM
Can you please elaborate on this? Since AnyConnect agent is not hardware, but software. I don't believe that we can gather that information from the agent.
03-14-2020 11:49 PM
Both MAC OS and windows machine have SN, can i gather the information with AC client as part of posture process?
03-17-2020 08:57 AM
This would not be Posture, but Profiling of the endpoint. In Posture, we set the condition on ISE and make sure endpoint passes it in order to get compliant. It is not feasible to create multiple (registry check for SN) conditions for all the endpoints in environment. The requirement which you have is fetching SN of the endpoint which could be done in Profiling. I am not sure if this can be accomplished via Profiling feature as of now. If not, it could be a valid enhancement. Hope this helps.
Regards,
Saurabh
03-14-2020 11:45 AM
Hi,
AnyConnect Identity Extensions is available for both mobile and non-mobile platform:
https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456
If you need thorough and detailed information about endpoints, make use of Context Visibility, but this is not done through AnyConnect:
Regards,
Cristian Matei.
04-01-2020 05:07 PM
Hi Oron, were you able to find a solution to this? I have a similar ask from a customer and have been looking into how to accomplish this.
04-03-2020 03:32 PM
Please see the ISE Posture Prescriptive Deployment Guide under the section Agent Considerations for a list of all possible Conditions that you can check for per Platform. It does show that you can get a Hardware Inventory for Windows and macOS but unclear what that does or does not include. You can see the results of your Hardware Inventory under Context Visibility:
04-03-2020 11:09 PM
By default, there is a check called “Hardware_Attributes_Check” which can give you Hardware attributes of both Windows and MAC devices. These hardware attributes includes
Create a policy with this condition and you would be able to gather Hardware properties of windows and MAC Devices.
Once posture is done, You would be able to find the details of endpoint under Context visibility > endpoints > hardware.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide