Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

CCPM Expire old known profiled endpoints - script?

  • 1.  CCPM Expire old known profiled endpoints - script?

    Posted Oct 26, 2021 04:26 PM

    I understand that 6.10 includes the ability to expire known profiled endpoints after last seen, however we're not ready to jump onto this version at this time.

    Is there a way to do this via a script on older versions like 6.9? If so, does anyone have something like this already made?

    TIA.




  • 2.  RE: CCPM Expire old known profiled endpoints - script?

    Posted Nov 07, 2021 10:54 AM
    We are running 6.9.6 and this option exists in the cluster-wide parameters under Cleanup Interval:

    Profiled Known endpoints cleanup option: FALSE

    However, unlike the Profiled Unknown devices, I do not see an individual option to set the cleanup interval. For example, the Profiled Unknown is set to 0 days by default; we use 45 days for this. My only guess would be that if you set this to true, it would use the "Known Endpoints" cleanup option (default is 0 as well).

    Maybe someone else can clarify this, but yes the option does exist in 6.9.

    ------------------------------
    Michael Haring

    AirHeads MVP 2017, 2019-2021
    ------------------------------



  • 3.  RE: CCPM Expire old known profiled endpoints - script?

    Posted Nov 10, 2021 12:00 PM
    The behavior of this feature changed in 6.10: release notes.

    The following changes in behavior impact the Cleanup Interval settings configured at Administration > Server Manager > Server Configuration > Cluster-Wide Parameters: (CP‑39233)
    - The known endpoints cleanup interval is based upon when the device was last seen.
    - The unknown endpoints cleanup interval is based upon when the device was last seen.
    - The profiled unknown endpoints cleanup interval is based upon either the time the device was last seen OR was last profiled, whichever is most recent.
    - Profiled Known endpoints cleanup option is based upon either the time the device was last seen OR was last profiled, whichever is most recent.

    But the feature was available in earlier versions.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------