Security

 View Only
last person joined: 22 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Compare current OnGuard posture to stored posture

This thread has been viewed 3 times
  • 1.  Compare current OnGuard posture to stored posture

    Posted Aug 07, 2022 06:48 PM
    Hello.

    I'm trying to compare the current Tips Posture to the previously known posture. I'm storing the last known posture as a string in a custom dictionary attribute.

    I want to apply certain enforcement profiles if the current Tips posture does not equal the stored one.

    I followed most of the directions in this article, and I am succeeding at storing the posture. However, it stores as a string (e.g., "HEALTHY"), whereas the Tips posture seems to evaluate as a string with an integer (e.g., "HEALTHY (0)"), and therefore is failing to compare properly.

    The attributes "Last Posture" and "Last Posture Int" are custom attributes that are type String and Integer32 respectively. Below is the profile I'm using to update the attributes.


    Below is the rule I'm trying to use to evaluate the comparison between current posture and previous posture.

    It should be noted that I cannot compare the other way around. The rule editor will not let me enter Tips Posture NOT_EQUALS "%{Endpoint:Last Posture}", saying the the value entered is not valid.

    Below is an example endpoint that had the custom attributes added. Note that both the string version and integer version both say "HEALTHY", which is odd. I would have expected the int version to say "0". Either way, these aren't comparing against Tips:Posture correctly.


    What am I doing wrong? Is there a way to correctly compare the Tips:Posture with a stored attribute from a previously known posture?