02-07-2019 03:49 AM
Hi
Good day!
I am setting up a new ISE posture policy and the following conditions must be met.
1. If Windows updates are non-compliant, need a grace period of 3 weeks.
2. If AV services are not running, network access must be blocked immediately.
Can we run both of the above policies together in one posture policy?
BR
Jay
02-07-2019 06:17 AM
Hi,
1. If Windows updates are non-compliant, need a grace period of 3 weeks. - Grace period is available for the whole compliance status (for all checks), if the machine was compliant in the previous posture check.
Cache Last Known Posture Compliant Status
Instead of this, you can create a PRA condition with a grace period of maximum 60 mins & call this patch condition as PRA: reassessment.
2. If AV services are not running, network access must be blocked immediately. - Yes, it is possible; you can create this as a separate policy & call the PRA as initial.
Both the policies should be different.
For more info on Posture reassessment please check here
-Aravind
02-07-2019 08:23 AM
Thanks Aravind. I will be working as per this plan further and update.
BR
Jay