Solved: Re: ISE 2.4 Hardware_Attributes_Check

dgaikwad · ‎03-04-2020

Hi Experts,
In ISE 2.4, I see this posture condition, Hardware_Attributes_Check.
Cisco ISE - Hardwar attribute condition.png
But inside there are no other parameters to tune with?
How and when to use this posture condition?
Or what are the applicable use case when it comes to using this condition?

Thank you,

dgaikwad · ‎03-08-2020

Thank you! That does really clear up a lot of things for me.
It is something of great value to the organization.

View solution in original post

Colby LeMaire · ‎03-04-2020

I believe that condition is configured when you want to collect hardware information from your client machines. The information would then be available in the Hardware Tab of the Context Visibility dashboard. Following is a link to the hardware dashboard:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01.html#TheHardwareTab

Hardware attributes would be collected for both compliant and non-compliant machines. I haven't used this condition before but I believe it would be one of those conditions that always pass. It is more so just to tell the Anyconnect Posture agent to grab the information and report it to ISE.

dgaikwad · ‎03-05-2020

Will this negate the use of device sensors and DNS and DHCP profiling which is configured over SSDIs?

Colby LeMaire · ‎03-05-2020

Not at all. Device sensor is used for profiling. The hardware attributes are really just used for asset tracking and reporting on the hardware dashboard.

dgaikwad · ‎03-08-2020

Thank you! That does really clear up a lot of things for me.
It is something of great value to the organization.

Taylor Cook · ‎10-21-2020

Colby,

Do you know how the information acquired for an endpoint via this Hardware Tab can be exported? I have successfully gathered information using the Temporal agent on multiple workstations, but when performing an export of Endpoints via the GUI or "application configure ise -> option 16" via the CLI, I do not see the Serial Number data which is visible in the hardware tab.

Colby LeMaire · ‎10-21-2020

You can try to run a posture report from Operations->Reports and see if that information is there. Export the report to a repository and open in Excel to see what it has. That is probably the only way that I can think of.

Rustam Akhmetzyanov · ‎06-02-2021

Hello.
Can you help me please? I don`t understand how to add devices of other operating systems (android, linux). And in the Policy/posture section I can choose only windows or mac.

dgaikwad · ‎06-02-2021

Because the posture policies are for only Windows and MacOS, if you want to posture android or iOS devices, then you would need to integrate a MDM solution with ISE.

As far as know, as off now, Linux is not supported for posture as well.

ISE 2.4 Hardware_Attributes_Check

ISE Webinars

CiscoISE on YouTube