
ISE 2.0 Integration with SCCM Patch Remediation

Rss
Level 1

Hi

I did a patch management condition to check the SCCM 5.X was "UptoDate", and a patch management remediation action to "Install missing patches" (the same SCCM 5.X).

The posture result is compliant, but I don't know exactly what it is checking or comparing, because I deleted some critical patches and ISE did nothing.

Does anyone know what could be wrong or some documentation to see the procedure to make this work?

I have ISE 2.0 and SCCM 5.X

Thanks for your help

5 Replies

nspasov
Cisco Employee

Have you checked the Admin Guide for ISE 2.0? Take a look at the link below that will take you to the explanation on how to create a Patch Management posture remediation condition:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010110.html#task_DBFD37F536134843BC81C4DFEF34A8EC

Thank you for rating helpful posts!

Thanks for your reply

Yes, I read the guide, but there is not much detail about what it is comparing to; for example, there are critical patches, optional patches, etc.

I don't know how ISE checks the installed patches and which are missing (the only option is up to date).

Is there a way to do that?

Thanks

nspasov
Cisco Employee

Sorry that is the only info that I have and I don't have SCCM to test this. Perhaps someone else can chime in here or better, you can test it and let us know what the results are :)

Hello All,

I did a patch management condition in ISE 2.0 to check that SCCM 5.X is Installed, Enabled and UptoDate on an endpoint, but in the Posture check report I am observing this condition as Skipped instead of Pass or Fail. But if I use an application condition for SCCM, then it's working fine.

Can anyone suggest??

Ben.Levin
Level 1

We just finished setting up ISE 2.0 in our lab and have the same requirement since we're getting ready to deploy ISE in production.  We want to make sure clients have up to date patches before we give them full network access.  However, the documentation doesn't say anything about how this process works.  We really need to understand it before we can properly test.  We're reaching out to our Cisco contacts to try to get more info.