11-29-2016 11:02 AM
Does anyone know how to use the Insight database to see how long an endpoint has had "Unknown" OnGuard posture? I would like to wait or delay posture enforcement after boot up, for say, 10 minutes prior to doing a CoA, to give the client a chance to check in.
11-29-2016 12:29 PM
You can create two custom attributes in the endpoint repository to handle this. This is a common deployment method.
Here are the two attributes (you can change the names):
Create a few endpoint update enforcement profiles for each health status:
Create an endpoint update enforcement profile that stamps the current time:
Now, you'll need to create a time attribute in [Time Source] that is your acceptable window for a valid posture token. In this example, it's two days:
Now to put it all together, in your Health Check WebAuth service, add the two Last Known X enforcement profiles to each rule (the time one should be added to all of them and you'll want to switch between the correct posture token depending on the rule).
Now in your authentication service, you can do something like this:
Be sure [Endpoints Repository] and [Time Source] are added as authZ sources.
11-29-2016 12:36 PM
handle folks that have already passed posture in the past X hours/days to
allow the grace period.
11-29-2016 01:13 PM
disconnect the user after X time.
12-13-2016 01:52 PM
12-13-2016 02:22 PM
Good catch! Too much multitasking 😀
That time source query should be a subtract instead of an add like below:
localtimestamp(0) - interval '2 days' as two_days_ago
Then the rule would be:
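
The grace-window check discussed in this thread, modelled in Python as an added example; it is not part of the original posts and is not ClearPass configuration. The attribute keys (`last_known_posture`, `last_posture_check`), the outcome labels and the sample endpoints are hypothetical. It shows why the time source value has to be a subtract: with the add form no cached posture stamp ever falls inside the window.

```python
from datetime import datetime, timedelta

GRACE_WINDOW = timedelta(days=2)  # the thread's example window


def window_edge(now, subtract=True):
    """Model the time-source value the rule compares against.

    subtract=True  -> now - 2 days (the corrected query, two_days_ago)
    subtract=False -> now + 2 days (the add form the correction replaces)
    """
    return now - GRACE_WINDOW if subtract else now + GRACE_WINDOW


def decide(endpoint, now, subtract=True):
    """Return a hypothetical outcome label for one authentication."""
    posture = endpoint.get("last_known_posture")
    checked = endpoint.get("last_posture_check")
    # No stamp yet: the agent has never reported, so posture is unknown.
    if posture is None or checked is None:
        return "posture-pending"
    # Stamp at or before the window edge: the cached token is not trusted.
    if checked <= window_edge(now, subtract):
        return "posture-pending"
    # Fresh stamp: reuse the cached token instead of waiting for the agent.
    return "healthy-access" if posture == "HEALTHY" else "quarantine"


NOW = datetime(2016, 12, 13, 14, 0, 0)  # constructed evaluation time
ENDPOINTS = {  # constructed sample endpoints
    "fresh-healthy": {"last_known_posture": "HEALTHY",
                      "last_posture_check": NOW - timedelta(hours=3)},
    "stale-healthy": {"last_known_posture": "HEALTHY",
                      "last_posture_check": NOW - timedelta(days=3)},
    "fresh-quarantine": {"last_known_posture": "QUARANTINE",
                         "last_posture_check": NOW - timedelta(hours=1)},
    "never-checked": {},
}


def evaluate(subtract=True):
    """Decide every sample endpoint with the chosen time-source form."""
    return {name: decide(ep, NOW, subtract) for name, ep in ENDPOINTS.items()}


if __name__ == "__main__":
    for label, flag in (("subtract", True), ("add", False)):
        print(label, evaluate(flag))
```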