Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1232
Views
0
Helpful
2
Replies

ISE 1.x profiler question (Network Scan Action & Exception Action)

allen00874
Level 1
Level 1

‎10-01-2012 04:52 PM - edited ‎03-10-2019 07:37 PM

Could someone please explain the following based on this scenario:

Say you create a Profiler Policy called “DeviceBrandX” and you set the Minimum Certainty Factor to 20 and you create a condition to profile based on a check for condition based on host-name in DHCP and you assign the condition a Certainty Factor Increases of 10. In additoin you define an Exception Action and a Network Scan (NMAP) Action in the policy.

Here are the two questions:

If you create another condition that initiates a scan Network Scan (NMAP) Action to scan say for OS - how does the scan influence the Certainty Factor?

Also if you create a condition that initiates Exception Action - how does that influence the Certainty Factor?

Thanks,

Allen

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎10-01-2012 05:03 PM

The exception action should not affect the certainty factor it is triggered when a device matches the profiling policy. Take a look at the apple-device policy for reference. The main purpose is to trigger another action if the policy is to generic

Sent from Cisco Technical Support Android App

0 Helpful

allen00874
Level 1
Level 1
In response to Tarik Admani

‎10-02-2012 06:40 PM

Hey Tarik,

Thank you for the response; I have looked at the apple-device policy, I see that the “* Exception Action” field is = NONE. I only see that the Network Scan (NMAP) Action is set to OS-scan. In fact I have looked at all the generic policies and none have an “* Exception Action” field set.

I can see that under the Rules configuration you can set the rule to "Take Exception Action" but in the top part of the configuration the "* Exception Action” there is no selection option.

I am assuming if you wish to trigger and event you would identify the event in the “* Exception Action” field and under the rule you would select "Take Exception Action". How do you configure the “* Exception Action” to determine which Action to take?

Thanks,

Allen

0 Helpful
Customers Also Viewed These Support Documents