Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Onguard - Check windows 10 Build

This thread has been viewed 31 times

  • 1.  CPPM Onguard - Check windows 10 Build

    Posted Apr 19, 2021 10:59 AM
    Hi, a Customer is aksing if they can block windows 10 with build less than 1909.

    Is there a way to clearpass or onguard agent identify the build of windows 10?

    ------------------------------
    Bruno Andrade
    ------------------------------


  • 2.  RE: CPPM Onguard - Check windows 10 Build

    Posted Apr 19, 2021 03:20 PM
    Yes, this can be achieved.

    You won't get WIN10 build number out of normal CPPM endpoint profiling, but it can be 'pulled' via Onguard, you should see something like this when OnGuard is installed...

    Host:OSNameVersion Microsoft Windows 10 Enterprise N (10.0.19042)


    HTH

    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------

    Original Message


  • 3.  RE: CPPM Onguard - Check windows 10 Build

    Posted Apr 19, 2021 04:32 PM
    Thank you Danny!
    I should use this information on my enforcement to take the action, right?
    Or do you known if there is a way to take action this using posture police?

    ------------------------------
    Bruno Andrade
    ------------------------------

    Original Message


  • 4.  RE: CPPM Onguard - Check windows 10 Build

    EMPLOYEE
    Posted Apr 20, 2021 02:03 AM
    Hi,

    You can use a 'Clearpass entity update enforcement profile' in OnGuard posture check web auth service to update the Host OS name and version to endpoint table. Then can configure the Radius authentication service to check the endpoint:attribute to deny or restrict the access.

    ------------------------------
    Nimal Varampetran
    ------------------------------

    Original Message


  • 5.  RE: CPPM Onguard - Check windows 10 Build

    Posted Apr 20, 2021 03:03 PM
    Hi @nimal_mahesh, where can I find this  'Clearpass entity update enforcement profile' ?
    I checked in attributes of my enforcement agent health profile and in rules of enforcement profile for my posture check and didn't find it.


    ------------------------------
    Bruno Andrade
    ------------------------------

    Original Message


  • 6.  RE: CPPM Onguard - Check windows 10 Build
    Best Answer

    EMPLOYEE
    Posted Apr 21, 2021 02:56 AM
    Hi Bruno,

    From Access tracker > OnGuard posture check request, you can find the version info collected by OnGuard agent:


    Hope the below steps help creating the configuration:

    From Administration > Dictionaries > Dictionary Attributes > create a new Endpoint attribute as below.


    From Configuration > Enforcement > Profiles > create a new enforcement profile of type "Clearpass entity update enforcement" to update the endpoint table with OS version info.

    Endpoint > OSNameVersion > %{Host:OSNameVersion}
    Update the Posture check service > Enforcement policy to use the endpoint update enforcement profile (created above).


    Update the Radius authentication service > Enforcement policy to check the endpoint table OSNameVersion attribute value for selecting the enforcement profile response.



    ------------------------------
    Nimal Varampetran
    ------------------------------

    Original Message


  • 7.  RE: CPPM Onguard - Check windows 10 Build

    Posted Apr 26, 2021 08:37 AM
    Really Thanks for sharing this instructions.
    It's gonna help me a lot! Thank you!!!

    ------------------------------
    Bruno Andrade
    ------------------------------

    Original Message