How to change the order of posture conditions?

dgaikwad
Level 5

Hi All,
Is there any way I could change the order of posture conditions?
This is under Policy -> Posture?

I am using ISE 2.3.

Thank you,


12 Replies

Timothy Abbott
Cisco Employee
You can't change the order of rules under Policy > Posture and ultimately you don't need to. If you have more than one rule that applies to Windows endpoints (for example), each rule will apply.

Regards,
-Tim

I agree the order doesn’t matter, but when you’ve got lots of rules it would sometimes be good if you could sort them, particularly sort by OS, as it would make reading them easier.

You can add more than one requirement to a rule to keep things neater. Say you have a set of requirements for Windows Domain Computers. Those requirements could all be in one rule.

Yes, but then reporting gets a bit less granular and troubleshooting gets a bit harder because if you hide lots of conditions in one rule, it’s less easy to know which one failed.

You can sort them by OS. There is a search bar in the upper right hand corner of the posture policy screen with a drop down that lets you select operating system as the search criteria.

That button is a 'filter', not a 'sort'... still, I hadn't spotted it and it's better than nothing - thanks Tim.

The reason I am asking is because I want to know if they are really run in a particular... Or does it run from top to bottom to report an endpoint either compliant or non-compliant?

It works like one large AND statement; all conditions that match your device are evaluated and reported upon. The order the rules are presented in has no significance for how they are implemented.

howon
Cisco Employee

Are you trying to change the order of the posture rules or conditions? If it is for rules, you can prepend numbers in front of the rule name to force manual ordering: 01, 02, 03, ...

Yes! That is exactly what I want to accomplish and the reason behind is that:
We have 3 conditions for SCCM and Anti-virus, and manual remediation only in case any of them are not found installed.

So, if the service is not running or is disabled, auto remediate to start it.

If the service is not found installed, then "contact the administrator" is the message displayed.

While performing negative testing (uninstalled SCCM altogether), I found out that the posture check still gets stuck at checking for the service!!! Then it times out after the remediation timer!!

It's not going to find the service since the application does not exist on the endpoint!

So, that is what I am struggling with... so all this just to make the user experience a bit easier and reduce the number of help desk calls...

You should order the requirements so it checks installation -> service status -> up-to-date. This way, if the application is not installed, then it will require the user to take action without having to check to see if the service is running. Also, if the application is installed, but not running, there is no need to check for Up-To-Date status. See sample below for an example posture policy rule requirement:

[Screenshot: Screen Shot 2018-08-20 at 11.15.00 AM.png]
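
A small Python model of the difference discussed in this thread, added here as an illustration; it is not Cisco ISE code or output. The requirement names, remediation strings, endpoint states and the stop-at-first-failure behaviour are assumptions taken from the descriptions in the posts above.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Endpoint = Dict[str, bool]

@dataclass(frozen=True)
class Requirement:
    name: str
    check: Callable[[Endpoint], bool]
    remediation: str

# Hypothetical requirements for one agent (e.g. SCCM), in the order the answer
# recommends: installation -> service status -> up-to-date.
REQUIREMENTS: List[Requirement] = [
    Requirement("installed", lambda e: e["installed"],
                "manual: contact the administrator"),
    Requirement("service-running", lambda e: e["installed"] and e["service_running"],
                "auto: start the service"),
    Requirement("up-to-date", lambda e: e["installed"] and e["up_to_date"],
                "auto: update (assumed remediation)"),
]

def _result(reqs, failed, checked):
    return {"compliant": not failed, "checked": checked,
            "failed": [r.name for r in failed],
            "remediations": [r.remediation for r in failed]}

def evaluate_ordered(reqs: List[Requirement], endpoint: Endpoint) -> dict:
    """Dependent checks in sequence: stop at the first failure, so only the
    root cause and its remediation are presented to the user."""
    checked = []
    for req in reqs:
        checked.append(req.name)
        if not req.check(endpoint):
            return _result(reqs, [req], checked)
    return _result(reqs, [], checked)

def evaluate_independent(reqs: List[Requirement], endpoint: Endpoint) -> dict:
    """Each check as its own rule: all are evaluated and ANDed, so a missing
    application also fails the service check and queues its auto-remediation."""
    failed = [r for r in reqs if not r.check(endpoint)]
    return _result(reqs, failed, [r.name for r in reqs])

# Constructed endpoint states: the negative test from the thread, and a stopped service.
UNINSTALLED = {"installed": False, "service_running": False, "up_to_date": False}
STOPPED = {"installed": True, "service_running": False, "up_to_date": True}

if __name__ == "__main__":
    for label, ep in (("uninstalled", UNINSTALLED), ("service stopped", STOPPED)):
        print(label, "ordered:", evaluate_ordered(REQUIREMENTS, ep)["remediations"])
        print(label, "independent:", evaluate_independent(REQUIREMENTS, ep)["remediations"])
```

In the uninstalled case the independent evaluation queues "start the service" for a service that does not exist, which matches the remediation timeout described in the negative test.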

 

 

This is a good way to order the posture checks.

The only reason we did not go for this approach was that there was a need for an individual rule from the customer, so that they could troubleshoot this easily when needed.

But then with this I have got the idea of checking the services as well as the installation of the particular application.

Thank you,