
ISE Posture remediation actions

danhamil
Cisco Employee

Team,

I have a few questions regarding setting up Posture remediation actions in ISE:

 

  1. Is ISE able to automatically install a missing file to a directory different than the "My Documents" directory? Default behavior is to prompt the user to install the file in the My Documents directory. Is it possible to specify a set directory instead?
  2. Can ISE restart a service without installation as a remediation action?
  3. If the remediation action is set to "Message Text Only", and you allow the machine onto the network without restrictions, can an alarm be sent to a specified email address? I didn't see any alarms for failed posture in the alarm settings section.

 

Thanks,

-Dan

1 Accepted Solution


Timothy Abbott
Cisco Employee
Dan,

Based on what I could find, none of those options are supported today. Please reach out to the PM team to submit a feature request.

Regards,
-Tim


Colby LeMaire
VIP Alumni

Following are answers to your questions:

1. You could use a script that would pull a file down and place it wherever you want.  But that script would have to be prepositioned on the machines.  In your remediation action, you would use launch program and specify your script information.  Or it could just be a command-line that you launch to copy from a shared folder (i.e. "copy \\<server ip>\folder\filename C:\folder\filename").

2. Yes, you can stop, start, restart services using the launch program remediation action.  The command would be "net start <servicename>" to start a service.

3. I assume you mean that you want to present a dialog box to the user but still allow them access to the network.  If that is correct, then you would have to set that requirement to "optional."  The problem is that for "optional" and "audit", all posture compliance shows as passed/compliant.  You would have to run reports to see which endpoints failed on certain checks.  Another option would be to process the Syslog events for "Posture and Client Provisioning Audit".  You would have to script the processing or create a parser in your Syslog server tool.

HTH,

Colby
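
The prepositioned script described in answers 1 and 2 above could look like the following. This is an added example, not code from the thread or from Cisco; the share path, destination, expected hash and service name are placeholders you would replace, and the hash check is an added safeguard, not something the thread describes.

```powershell
# remediate.ps1 - hypothetical prepositioned script for a "launch program" remediation action.
# Every default below is a placeholder (assumption), not a value from the thread.
param(
    [string]$Source         = '\\<server ip>\folder\filename',
    [string]$Destination    = 'C:\folder\filename',
    [string]$ExpectedSha256 = '<SHA-256 of the approved file>',
    [string]$ServiceName    = '<servicename>'
)
$ErrorActionPreference = 'Stop'   # turn cmdlet errors into exceptions for the catch block

try {
    # Answer 1: place the missing file in a chosen directory instead of My Documents.
    $destDir = Split-Path -Parent $Destination
    if (-not (Test-Path -LiteralPath $destDir)) {
        New-Item -ItemType Directory -Path $destDir | Out-Null
    }

    # Copy under a temporary name so an unverified file never sits at the final path.
    $tmp = "$Destination.tmp"
    Copy-Item -LiteralPath $Source -Destination $tmp -Force

    # Accept the file only if it matches the known-good hash (the share could be altered).
    $actual = (Get-FileHash -LiteralPath $tmp -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -LiteralPath $tmp -Force
        throw "Hash mismatch for $Source (got $actual)"
    }
    Move-Item -LiteralPath $tmp -Destination $Destination -Force

    # Answer 2: start or restart a service without installing anything.
    # The account running this script needs rights to control the service.
    $svc = Get-Service -Name $ServiceName
    if ($svc.Status -eq 'Running') {
        Restart-Service -Name $ServiceName
    } else {
        Start-Service -Name $ServiceName
    }

    # Confirm the service actually reached Running before reporting success.
    (Get-Service -Name $ServiceName).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    exit 0
}
catch {
    Write-Warning "Remediation failed: $($_.Exception.Message)"
    exit 1
}
```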