ISE posture condition for critical security OS patches

jitendrac
Level 1

Hi All,
We have an ISE 3.0 setup for one of our customers. I am trying to build a posture condition to validate whether a Windows 10 endpoint has the latest critical security patches installed.
The customer does not have WSUS or SCCM, which could be leveraged under the patch management condition.
I can see some Cisco predefined compound conditions, "pr_Win10_64_Hotfixes" and "pr_Win10_32_Hotfixes", however I cannot see them while creating Requirements.
Any idea how I can use "pr_Win10_64_Hotfixes" and "pr_Win10_32_Hotfixes" in posture requirements?
OR
Is there any better way to create a posture condition for validation of Windows 10 critical security updates?

I have gone through https://community.cisco.com/t5/network-access-control/how-to-configure-ise-posture-to-check-windows-10-is-running-the/td-p/4043406 but was not able to understand it.

 

Accepted Solutions

hslai
Cisco Employee

See ISE 3.1 Admin Guide / Chapter: Compliance / Posture Assessment Requirements / Create Client Posture Requirements 

Note

To create a Posture Requirement to validate all Windows 10 hotfixes in the environment, you must configure the Conditions area of your Requirement to include both pr_Win10_32_Hotfixes and pr_Win10_64_Hotfixes via AND '&' statement. To view the details of the validated conditions for an endpoint, from the main menu, choose Operations > Reports > Reports > Endpoints and Users > Posture Assessment by Endpoints. Click the endpoint to view the corresponding posture details.

 


Hi hslai,

The customer does not have WSUS or SCCM. They only have Desktop Central from ManageEngine, which I believe is not supported by ISE. So I need some other way to create a posture condition for validation of Windows 10 critical security updates.

Not sure how I should move forward?

I edited my reply above.

jitendrac
Level 1

Hi Hslai,

Can you please check the attached screenshot of the condition that I have created?

When I click on Submit I am getting an error, as attached.

hslai
Cisco Employee

I included a video in my post above.

Thanks hslai for taking the time to create a video for me. I really appreciate your work.
With your help I am able to create the Requirement and Posture Policy. I will test this posture policy in the UAT environment.
Once again, thank you very much for your help.

Hi hslai,

We have tested the above pr_Win10_32_Hotfixes and pr_Win10_64_Hotfixes today, 25 July 2022, on a sample Windows 10 machine. There is a report generated in Operations > Reports > Reports > Endpoints and Users > Posture Assessment by Endpoints, however I am not sure how to interpret the result.

Does Passed Condition give patches found and Failed Condition give patches not found?

Hi @jitendrac,

Yes, please click on the Detail icon of the Posture Assessment by Endpoint; there is a Posture Policy Details window with the following columns: Passed Conditions and Failed Conditions, for a better understanding of the conditions.

 

Hope this helps !!!

Hi Marcelo,

Thanks for the response. Can you please guide me on my 2 queries below?

1. How to interpret the result? Does Passed Condition give applicable patches installed, Failed Condition give applicable patches not installed, and Skipped Condition give patches that were not applicable?

2. In the ISE GUI the result is not listed line by line. It is very difficult to read the result. Are there any log files where we can view the result properly?

 

passed-condition.JPG

When we hover the mouse we get some details, but I am not sure how this can be extracted in a proper format.

Hi @jitendrac,

At Work Centers > Posture > Posture Policy, in the Requirements column, you are able to choose Mandatory, Optional and Audit for each requirement.
At Work Centers > Posture > Reports > Reports > Posture Assessment by Condition, in the Condition Status column, you have the Passed, Failed and Skipped results.
Skipped is a Condition Status when End Users are allowed to skip the specified requirement because of the Optional Requirement.

Yes about the Passed/Failed Condition Status.

Note 1: you can use Posture Assessment by Condition (result is listed line by line)

Note 2: you can also use the Work Centers > Posture > Troubleshoot tool.

Hope this helps !!!
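
To cross-check a Passed or Failed hotfix condition from the report against the endpoint itself, the following PowerShell can be run on the Windows 10 machine. It is an added example, not part of the thread and not Cisco code; the KB IDs are placeholders, and the function name and output path are assumptions chosen for illustration.

```powershell
# Added example: compare the KBs a posture condition is expected to find
# with what Windows reports as installed, one line per KB.

# Placeholder IDs (not real KBs): replace with the hotfixes your condition checks.
$RequiredKBs = @('KB0000001', 'KB0000002')

function Compare-HotfixState {
    param(
        [string[]]$Required,
        [object[]]$Installed   # objects with HotFixID / InstalledOn, as Get-HotFix returns
    )
    # Index installed hotfixes by ID; PowerShell hashtable keys are case-insensitive.
    $index = @{}
    foreach ($h in $Installed) { $index[$h.HotFixID] = $h }

    foreach ($kb in $Required) {
        $hit = $index[$kb]
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            HotFixID    = $kb
            Status      = if ($hit) { 'Installed' } else { 'Missing' }
            InstalledOn = if ($hit) { $hit.InstalledOn } else { $null }
        }
    }
}

# Get-HotFix reads Win32_QuickFixEngineering, so it lists updates installed
# through Component Based Servicing only; updates delivered another way
# (for example MSI-based ones) will show as Missing here.
$installed = @(Get-HotFix)
$result    = Compare-HotfixState -Required $RequiredKBs -Installed $installed

# Line-by-line view on screen, plus a CSV to keep next to the ISE report.
$result | Sort-Object Status, HotFixID | Format-Table -AutoSize
$csvPath = Join-Path $env:TEMP 'hotfix-check.csv'   # assumed output location
$result | Export-Csv -Path $csvPath -NoTypeInformation
Write-Output "Wrote $csvPath"
```

A KB listed as Missing here while the ISE report shows the condition as Passed (or the reverse) is worth checking against the condition's definition before changing the requirement from Audit to Mandatory.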