I would like to characterize the machines that are currently attaching to AnyConnect. Is there any way on the ASA that I can see what OS a user is using? Or if they have AV or Malware protection? Or what model of hardware?
@CiscoMedMed the best way would be if you used ISE Posture, this will collect endpoint attributes such as OS and installed applications on a per endpoint basis and run reports.
You could use ASA DAP (Dynamic Application Policies) which you scan and permit access depending on install application (i.e. AV) or OS, but I'm not aware of an obvious way to report on this (unlike if using ISE). You may be able to filter on DAP specific syslog messages and send these to a syslog server.
@CiscoMedMed the best way would be if you used ISE Posture, this will collect endpoint attributes such as OS and installed applications on a per endpoint basis and run reports.
You could use ASA DAP (Dynamic Application Policies) which you scan and permit access depending on install application (i.e. AV) or OS, but I'm not aware of an obvious way to report on this (unlike if using ISE). You may be able to filter on DAP specific syslog messages and send these to a syslog server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: