cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

787
Views
5
Helpful
6
Replies
Highlighted
Contributor

ISE 2.4 Hardware_Attributes_Check

Hi Experts,
In ISE 2.4, I see this posture condition, Hardware_Attributes_Check.
Cisco ISE - Hardwar attribute condition.png
But inside there are no other parameters to tune with?
How and when to use this posture condition?
Or what are the applicable use case when it comes to using this condition?

Thank you,

6 REPLIES 6
Highlighted
VIP Collaborator

I believe that condition is configured when you want to collect hardware information from your client machines.  The information would then be available in the Hardware Tab of the Context Visibility dashboard.  Following is a link to the hardware dashboard:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01.html#TheHardwareTab

Hardware attributes would be collected for both compliant and non-compliant machines.  I haven't used this condition before but I believe it would be one of those conditions that always pass.  It is more so just to tell the Anyconnect Posture agent to grab the information and report it to ISE.

Highlighted

Will this negate the use of device sensors and DNS and DHCP profiling which is configured over SSDIs?

Highlighted

Not at all.  Device sensor is used for profiling.  The hardware attributes are really just used for asset tracking and reporting on the hardware dashboard.

Highlighted

Thank you! That does really clear up a lot of things for me.
It is something of great value to the organization.

Highlighted

Colby,

Do you know how the information acquired for an endpoint via this Hardware Tab can be exported?  I have successfully gathered information using the Temporal agent on multiple workstations, but when performing an export of Endpoints via the GUI or "application configure ise -> option 16" via the CLI, I do not see the Serial Number data which is visible in the hardware tab.

 

Highlighted

You can try to run a posture report from Operations->Reports and see if that information is there.  Export the report to a repository and open in Excel to see what it has.  That is probably the only way that I can think of.

Content for Community-Ad