Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2422
Views
0
Helpful
3
Replies

ISE Posture with Forescout Secureconnector integration

Go to solution
kaachary
Cisco Employee
Cisco Employee

‎04-02-2018 10:08 PM

Customer has Forescout secureconnector installed on machines for Endpoint Compliance. They are evaluating ISE Posture currently, have a query whether the ISE posture agent can check the compliance status of the secureconnector agent, and then report the machine as compliant/non-compliant.

I don't think there is a straightforward way of doing this, since we do not have any such integration supported on ISE. I am planning to propose a registry check (if there is any) to verify the Secureconnector compliance status. Please let me know if you have any other suggestions.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎04-03-2018 12:55 AM

If the Forescout agent runs as a service in Windows and/or Mac OSX, you can also use a Service Condition check in the ISE Posture config to verify that the service named 'xyz' is Running.

See the Assessment Options for Windows and OSX in the ISE 2.2 Admin Guide here:

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies - Cisco

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎04-03-2018 12:55 AM

If the Forescout agent runs as a service in Windows and/or Mac OSX, you can also use a Service Condition check in the ISE Posture config to verify that the service named 'xyz' is Running.

See the Assessment Options for Windows and OSX in the ISE 2.2 Admin Guide here:

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies - Cisco

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎04-03-2018 07:18 AM

Gregory is correct.  We can check the compliance of the endpoint using posture policy but not the compliant / non-compliant state of SecureConnector.  The most we could do is check to see if it is installed and running.

Regards,

-Tim

0 Helpful

Go to solution
kaachary
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎04-03-2018 11:58 PM

Thanks Tim, Gregory

I am aware of the Service check for the agent. But the customer requirement specifically is to check the compliance status of the agent. Anyway, I was thinking if there is a ForeScout registry entry that gets set to a specific value when the machine is declared compliant, I could use that as a Condition, that is the only way I guess.

From what I am hearing, there is no other way to achieve this.

Thanks for the confirmation.

0 Helpful
Customers Also Viewed These Support Documents