02-10-2015 01:09 PM - edited 03-10-2019 10:26 PM
I'm using NMAP for profiling and it seems that it runs only once for new devices in the DB.
There is no re-profiling after the device was discovered for the first time and populated into endpoint identity groups with an attribute list.
In this case, if a profiled endpoint changes its NMAP attribute list, it will stay in the same identity group despite the fact that there is no match on the profile policy, and it will not be moved dynamically to a different identity group.
Is it possible to run re-profiling on an existing device and dynamically move it to a different identity group, for example each time the device is reauthenticated?
If there is an option to have continuous profiling, it will add some security to MAB.
02-10-2015 02:10 PM
I believe the profiling function continues to happen and ISE continues to collect attributes. However, a device will only be re-profiled/moved to a different group if the "certainty factor" for that new profiling rule is higher than the current one. If the certainty factor is lower or the same then the device will remain in the existing profiled group.
Thank you for rating helpful posts!
02-10-2015 02:16 PM
02-11-2015 03:35 AM