cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1748
Views
0
Helpful
1
Replies

ISE 2.4 Posture (custom attributes)

paulturn
Cisco Employee
Cisco Employee

Hi team,

 

Question:

'Our concern is mainly about the solution for windows update/patch check for the environment where not all critical/important KB updates (released by Microsoft) are getting installed to all client, instead specific KB updates are installed based on complete impact assessment which takes almost 2-3 month of time upon release.

 

ISE do have windows update/patch condition with check of specific KB file status/date which keeps updated upon installation of new update/patch. The condition content also get refreshed based on posture update, need to understand the way forward and solution to check custom KB’s installation status (if anything other than custom windows check posture condition with specific KB file check, since this require manual modification in Windows update posture condition content which needs to be refreshed manually whenever specific KB’s are getting deployed on client system) and impact if any with such customized Posture check condition options instead pre-defined condition for Windows update/patch check.'

 

Looking at the above, I am assuming this will always be a manual process as only they will know what patches they install?

 

Many thanks in advance.

1 Accepted Solution

Accepted Solutions

howon
Cisco Employee
Cisco Employee

You can certainly use individual KB check but that would be time consuming to do so. I would recommend using Windows update check or SCCM within patch management posture policy depending on whether these are BYOD or corporate device. This will allow you to define which patches are needed in a single place on remediation server.

View solution in original post

1 Reply 1

howon
Cisco Employee
Cisco Employee

You can certainly use individual KB check but that would be time consuming to do so. I would recommend using Windows update check or SCCM within patch management posture policy depending on whether these are BYOD or corporate device. This will allow you to define which patches are needed in a single place on remediation server.