02-07-2019 03:49 AM
Hi
Good day!
I am setting up a new ISE posture policy and the following conditions must be met.
1. If Windows updates are non-compliant, need a grace period of 3 weeks.
2. If AV services are not running, network access must be blocked immediately.
Can we run both of the above policies together in one posture policy?
BR
Jay
02-07-2019 06:17 AM
Hi,
1. If Windows updates are non-compliant, need a grace period of 3 weeks. - Grace period is available for the whole compliance status (for all checks), if the machine was compliant in the previous posture check.
Cache Last Known Posture Compliant Status
Instead of this, you can create a PRA condition with a grace period of maximum 60 mins & call this patch condition as PRA: reassessment.
2. If AV services are not running, network access must be blocked immediately. - Yes, it is possible; you can create this as a separate policy & call the PRA as initial.
Both the policies should be different.
For more info on Posture reassessment please check here
-Aravind
02-07-2019 08:23 AM
Thanks Aravind. I will be working as per this plan further and update.
BR
Jay