
Cisco ISE Posture – Cortex Compliance Check Always Showing as Compliant

poornakumar
Level 1

Hi All,

We are currently implementing Cisco ISE Posture in a customer environment.

Posture module: 5.1.9.113

Compliance module: 4.3.4582.8192

The issue we are facing is that ISE is marking endpoints as compliant, even when the Cortex definition date is outdated. We’ve verified on multiple machines that the definition date does not meet the requirement, yet they are still being marked as compliant by ISE.

We have the compliance module deployed, and posture checks are happening, but the AV/AM definition check seems to be bypassed or ignored. We’re specifically checking for the Cortex definition update date, and the expected behavior is to flag non-compliance if the definitions are older than the defined threshold.

We do have a TAC case open for this, but we wanted to check with the community in parallel:

Has anyone faced a similar issue with Cortex XDR integration?

Is there a known limitation or restriction from Palo Alto regarding compliance visibility to ISE posture?

Are there any workarounds or custom DAP policies we can use to enforce this check accurately?

Is it confirmed that Palo Alto does not expose definition date in a format ISE posture can interpret?

If this is a product-level restriction from Palo Alto, we will drop the definition-based check and inform the customer accordingly. Any insight or guidance from your end would be really helpful for us to move forward on this.
