cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

353
Views
0
Helpful
4
Replies
Highlighted
Contributor

Profiling based on hostname

Hi Experts,
Environment: ISE 2.2

Currently working on a requirement to check a certain encryption software which is only installed on laptops.
So decided to do the posture check using endpoints profiled based on hostnames, as they have already have a hostname naming scheme devices by type, e.g. Laptops, starts with LT and desktops with DT.

So based on this information I have created this profiling policy:
profile policy.jpg
Using this profiling I was able to profile only 127 endpoints... where as there are thousands that I see out there...
While looking at the Context Visibility -> Endpoints, I see that the host name columns is empty... 
Does this mean that there are some more probes that are needed to be enabled (already DNS, DHCP, Active Directory and Radius are enabled on all the PSNs).
The other thing that I see is that, when I check the attributes of an endpoint, I see the attribute Systemname has all the host-name of the endpoint... 
I am not able to find this attribute to do the profiling though, any idea where this could be found to do the profiling..?

4 REPLIES 4
Highlighted
VIP Engager

Is it possible that certain NADs in the environment are missing configuration to be a device sensor? I would double check the configs to ensure that you have the proper config to support the dhcp probe. Something to ensure is setup is the device-sensor filter-list for dhcp to include the option name 'host-name'. Then assign the list to the dhcp filter-spec, and enable notify all-changes.
Highlighted

Yes, I was thinking on the same lines.
Will update this post with further findings...

Highlighted

As expected, the device sensor commands are not enabled on every NAD out there.
The question is that, if these commands are enabled on all NADs, will that have any kind of a performance hit? Performance hit on NADs as well as ISE?

Highlighted

From ISE Profiling Guide 'Appliance Requirements':
ISE Profiling Services can only run on an ISE appliance configured for the Policy Service node (PSN) persona. ISE scale and performance tables posted to Cisco.com typically list the maximum concurrent sessions supported per PSN and per deployment. However, these values are specific to simultaneous authenticated endpoints, not the total that can be profiled. The total number of endpoints that can be profiled and persisted in the ISE database is much higher.

See here for further detail: https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456
Content for Community-Ad