Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
0
Helpful
2
Replies

Definition of "significant profile changes" in ISE Anomalous Endpoint Detection

Hoi Lam So
Level 1
Level 1

‎03-19-2019 04:01 AM

I am not sure about the meaning of "significant profile changes" in condition of Anomalous Endpoint Detection.

If there is a profile change from a profile to its parent profile, will it be a case of Anomalous Behavior?

On the other hand, if the profile is moving from a profile to its child profile, will it be a case of Anomalous Behavior?

1 person had this problem
0 Helpful
2 Replies 2

Arne Bier
VIP
VIP

‎08-14-2019 04:17 AM

Hey @Hoi Lam So 

 

Did you get any answers to your question (outside of this community forum) ?  It's a great question and I was wondering the same thing.

0 Helpful

Hoi Lam So
Level 1
Level 1
In response to Arne Bier

‎08-14-2019 07:47 PM

No search from the outside Internet, there is few people to study/discuss this feature. I only did some test in my lab.

 

I have tried different combination. But I can't remember all result since it has been a long time ago. For your question, short answer, Yes, the anomalous still be triggered even in the same parent. When I study the log, I believe the actual trigger point is DHCP Class ID changed instead of profiled group changed.

 

Personally opinion, this feature shall be highlighted as a detection tools instead of policy tools. If anomalous is used in policies set, the false-positive cases will just make you crazy.

0 Helpful
Customers Also Viewed These Support Documents