cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3198
Views
10
Helpful
8
Replies
dgaikwad
Contributor

ISE 2.4 Hardware_Attributes_Check

Hi Experts,
In ISE 2.4, I see this posture condition, Hardware_Attributes_Check.
Cisco ISE - Hardwar attribute condition.png
But inside there are no other parameters to tune with?
How and when to use this posture condition?
Or what are the applicable use case when it comes to using this condition?

Thank you,

1 ACCEPTED SOLUTION

Accepted Solutions

Thank you! That does really clear up a lot of things for me.
It is something of great value to the organization.

View solution in original post

8 REPLIES 8
Colby LeMaire
Collaborator

I believe that condition is configured when you want to collect hardware information from your client machines.  The information would then be available in the Hardware Tab of the Context Visibility dashboard.  Following is a link to the hardware dashboard:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01.html#TheHardwareTab

Hardware attributes would be collected for both compliant and non-compliant machines.  I haven't used this condition before but I believe it would be one of those conditions that always pass.  It is more so just to tell the Anyconnect Posture agent to grab the information and report it to ISE.

Will this negate the use of device sensors and DNS and DHCP profiling which is configured over SSDIs?

Not at all.  Device sensor is used for profiling.  The hardware attributes are really just used for asset tracking and reporting on the hardware dashboard.

Thank you! That does really clear up a lot of things for me.
It is something of great value to the organization.

Colby,

Do you know how the information acquired for an endpoint via this Hardware Tab can be exported?  I have successfully gathered information using the Temporal agent on multiple workstations, but when performing an export of Endpoints via the GUI or "application configure ise -> option 16" via the CLI, I do not see the Serial Number data which is visible in the hardware tab.

 

You can try to run a posture report from Operations->Reports and see if that information is there.  Export the report to a repository and open in Excel to see what it has.  That is probably the only way that I can think of.

Hello.
Can you help me please? I don`t understand how to add devices of other operating systems (android, linux). And in the Policy/posture section I can choose only windows or mac.

posture.jpg

 

pol_cond_hw.JPG

 

Because the posture policies are for only Windows and MacOS, if you want to posture android or iOS devices, then you would need to integrate a MDM solution with ISE.

As far as know, as off now, Linux is not supported for posture as well.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube