Cisco Ise 13 User Guide
Have a look at the manual Cisco Ise 13 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 868
Usage GuidelinesFields
Clicktheplus[+]signtoexpandtheConditionsanchoredoverlay,andclickthe
minus[-]sign,orclickoutsidetheanchoredoverlaytocloseit.
ClickSelectExistingConditionfromLibraryorCreateNewCondition
(AdvancedOption).
SelectExistingConditionfromLibrary---Youcandefineanexpressionby
selectingCiscopredefinedconditionsfromthepolicyelementslibrary.
CreateNewCondition(AdvancedOption)---Youcandefineanexpressionby
selectingattributesfromvarioussystemoruser-defineddictionaries....](http://img.usermanuals.tech/thumb/17/104725/w64_ise-13-user-guide-1524841621_d-867.png "Page 868
Usage GuidelinesFields
Clicktheplus[+]signtoexpandtheConditionsanchoredoverlay,andclickthe
minus[-]sign,orclickoutsidetheanchoredoverlaytocloseit.
ClickSelectExistingConditionfromLibraryorCreateNewCondition
(AdvancedOption).
SelectExistingConditionfromLibrary---Youcandefineanexpressionby
selectingCiscopredefinedconditionsfromthepolicyelementslibrary.
CreateNewCondition(AdvancedOption)---Youcandefineanexpressionby
selectingattributesfromvarioussystemoruser-defineddictionaries....")
Conditions Thissectiondescribespolicyconditionsusedforprofilingendpoints,postureclients,andtolimitorextend permissiontoaccesstoCiscoISEsystemresources. Profiler Condition Settings ThefollowingtabledescribesthefieldsintheProfilerConditionpage.Thenavigationpathforthispageis: Policy>PolicyElements>Conditions>Profiling. Table 110: Profiler Condition Settings Usage GuidelinesFields Nameoftheprofilercondition.Name Descriptionoftheprofilercondition.Description Chooseanyoneofthepredefinedtypes.Type Chooseanattributeonwhichtobasetheprofilercondition.AttributeName Chooseanoperator.Operator Enterthevaluefortheattributethatyouhavechosen.ForAttributeNamesthat containpre-definedAttributeValues,thisoptiondisplaysadrop-downlistwith thepre-definedvalues,andyoucanchooseavalue. AttributeValue Profilingconditionscanbeanyoneofthefollowingtypes: •CiscoProvided—ProfilingconditionsthatareprovidedbyCiscoISEwhen deployedareidentifiedasCiscoProvided.Youcannoteditordeletethem fromthesystem. •AdministratorCreated—Profilingconditionsthatyoucreateasan administratorofCiscoISEareidentifiedasAdministratorCreated. SystemType Related Topics CiscoISEProfilingService,onpage452 ProfilerConditions,onpage404 ProfilerFeedService,onpage504 CreateaProfilerCondition,onpage404 Posture Conditions Settings Thissectiondescribessimpleandcompoundconditionsusedforposture. Cisco Identity Services Engine Administrator Guide, Release 1.3 825 Conditions
Related Topics PostureService,onpage566 PostureConditions,onpage405 CustomConditionsforPosture,onpage581 ConfigurePosturePolicies,onpage579 CreatePostureCondition File Condition Settings ThefollowingtabledescribesthefieldsintheFileConditionspage.Thenavigationpathforthispageis: Policy>PolicyElements>Conditions>Posture>FileCondition. Table 111: File Condition Settings Usage GuidelinesFields Enterthenameofthefilecondition.Name Enteradescriptionforthefilecondition.Description Chooseoneofthepredefinedsettings: •ABSOLUTE_PATH—Checksthefileinthefullyqualifiedpathofthefile.For example,C:\\filename.Forothersettings,enteronlythefilename. •SYSTEM_32—ChecksthefileintheC:\WINDOWS\system32directory.Enter thefilename. •SYSTEM_DRIVE—ChecksthefileintheC:\drive.Enterthefilename. •SYSTEM_PROGRAMS—ChecksthefileintheC:\ProgramFiles.Enterthe filename. •SYSTEM_ROOT—ChecksthefileintherootpathforWindowssystem.Enter thefilename. FilePath Chooseoneofthepredefinedsettings: •FileExistence—Checkswhetherafileexistsonthesystem. •FileDate—Checkswhetherafilewithaparticularfile-createdorfile-modified dateexistsonthesystem. •FileVersion—Checkswhetheraparticularversionofafileexistsonthesystem. FileType (AvailableonlyifyouselectFileDateastheFileType)Chooseafiledatatype.FileDateType Cisco Identity Services Engine Administrator Guide, Release 1.3 826 Conditions
Usage GuidelinesFields TheFileOperatoroptionschangeaccordingtothesettingsyouselectintheFileType. Choosethesettingsappropriately: FileExistence •Exists •DoesNotExist FileDate •EarlierThan •LaterThan •EqualTo FileVersion •EarlierThan •LaterThan •EqualTo File Operator/Operator (AvailableonlyifyouselectFileDateastheFileType)Enterthedateandtimeofthe clientsysteminmm/dd/yyyyandhh:mm:ssformat. DateandTime (AvailableonlyifyouhaveselectedFileVersionastheFileType)Entertheversion ofthefiletobechecked. FileVersion Selecttheoperatingsystemtowhichthefileconditionshouldbeapplied.OperatingSystem Related Topics SimplePostureConditions,onpage405 CompoundPostureConditions,onpage406 CreatePostureCondition Registry Condition Settings ThefollowingtabledescribesthefieldsintheRegistryConditionspage.Thenavigationpathforthispageis: Policy>PolicyElements>Conditions>Posture>RegistryCondition. Table 112: Registry Condition Settings Usage GuidelinesFields Enterthenameoftheregistrycondition.Name Enteradescriptionfortheregistrycondition.Description Cisco Identity Services Engine Administrator Guide, Release 1.3 827 Conditions
Usage GuidelinesFields Chooseoneofthepredefinedsettingsastheregistrytype.RegistryType Chooseoneofthepredefinedsettingsastheregistryrootkey.RegistryRootKey Enterthesubkeywithoutthebackslash(“\”)tochecktheregistrykeyinthepath specifiedintheRegistryRootKey. Forexample,SOFTWARE\Symantec\NortonAntiVirus\versionwillcheckthekey inthefollowingpath: HKLM\SOFTWARE\Symantec\NortonAntiVirus\version SubKey (AvailableonlyifyouselectRegistryValueorRegistryValueDefaultastheRegistry Type)EnterthenameoftheregistrykeyvaluetobecheckedforRegistryValue. ThisisthedefaultfieldforRegistryValueDefault. ValueName (AvailableonlyifyouselectRegistryValueorRegistryValueDefaultastheRegistry Type)Chooseoneofthefollowingsettings: •Unspecified—Checkswhethertheregistrykeyvalueexistsornot.Thisoption isavailableonlyforRegistryValue. •Number—Checksthespecifiednumberintheregistrykeyvalue •String—Checksthestringintheregistrykeyvalue •Version—Checkstheversionintheregistrykeyvalue ValueDataType Choosethesettingsappropriately.ValueOperator (AvailableonlyifyouselectRegistryValueorRegistryValueDefaultastheRegistry Type)Enterthevalueoftheregistrykeyaccordingtothedatatypeyouhaveselected inValueDataType. ValueData Selecttheoperatingsystemtowhichtheregistryconditionshouldbeapplied.OperatingSystem Related Topics SimplePostureConditions,onpage405 CompoundPostureConditions,onpage406 Application Condition Settings ThefollowingtabledescribesthefieldsintheApplicationConditionspage.Thenavigationpathforthispage is:Policy>PolicyElements>Conditions>Posture>ApplicationCondition. Cisco Identity Services Engine Administrator Guide, Release 1.3 828 Conditions
Table 113: Application Condition Settings Usage GuidelinesFields Enterthenameoftheapplicationcondition.Name Enteradescriptionoftheapplicationcondition.Description Enterthenameoftheapplicationtobechecked.ProcessName Choosethestatustobechecked.Application Operator Selecttheoperatingsystemtowhichtheapplicationconditionshouldbeapplied.OperatingSystem Related Topics SimplePostureConditions,onpage405 SimplePostureConditions,onpage405 CompoundPostureConditions,onpage406 Service Conditions Settings ThefollowingtabledescribesthefieldsintheServiceConditionspage.Thenavigationpathforthispageis: Policy>PolicyElements>Conditions>Posture>ServiceCondition. Table 114: Service Conditions Settings Usage GuidelinesFields Enteranamefortheservicecondition.Name Enteradescriptionoftheservicecondition.Description Enterthenameoftheservicetobechecked.ServiceName Choosethestatustobechecked.ServiceOperator Selecttheoperatingsystemtowhichtheserviceconditionshouldbeapplied.OperatingSystem Related Topics SimplePostureConditions,onpage405 CompoundPostureConditions,onpage406 Cisco Identity Services Engine Administrator Guide, Release 1.3 829 Conditions
Posture Compound Condition Settings ThefollowingtabledescribesthefieldsintheCompoundConditionspage.Thenavigationpathforthispage is:Policy>PolicyElements>Conditions>Posture>CompoundCondition. Table 115: Posture Compound Condition Settings Usage GuidelinesFields Enterthenameofthecompoundconditionthatyouwanttocreate.Name Enterthedescriptionofthecompoundconditionthatyouwanttocreate.Description SelectoneormoreWindowsoperatingsystems.Thisallowyouto associateWindowsoperatingsystemstowhichtheconditionisapplied. OperatingSystem Clicktheparenthesestocombinetwosimpleconditionsfromthefollowing simpleconditiontypes:file,registry,application,andserviceconditions. Parentheses() YoucanusetheANDoperator(ampersand[&])inacompound condition.Forexample,enterCondition1&Condition2. (&)—ANDoperator(use“&” foranANDoperator,withoutthe quotes) YoucanusetheORoperator(horizontalbar[|])inacompound condition.Forexample,enterCondition1&Condition2. (|)—ORoperator(use“|”foran ORoperator,withoutthequotes) YoucanusetheNOToperator(exclamationpoint[!])inacompound conditions.Forexample,enterCondition1&Condition2. (!)—NOToperator(use“!”for aNOToperator,withoutthe quotes) Choosefromalistofsimpleconditionsofthefollowingtypes:file, registry,application,andserviceconditions. Youcanalsocreatesimpleconditionsoffile,registry,applicationand serviceconditionsfromtheobjectselector. Clickthequickpicker(downarrow)ontheActionbuttontocreatesimple conditionsoffile,registry,application,andserviceconditions. SimpleConditions Related Topics PostureConditions,onpage405 CreateCompoundPostureConditions,onpage407 Anti-Virus Condition Settings ThefollowingtabledescribesthefieldsintheAnti-VirusConditionpage.Thenavigationpathforthispage is:Policy>PolicyElements>Conditions>Posture>Anti-VirusCondition. Cisco Identity Services Engine Administrator Guide, Release 1.3 830 Conditions
Table 116: Anti-Virus Condition Settings Usage GuidelinesFields Enterthenameoftheantivirusconditionthatyouwanttocreate.Name Enterthedescriptionoftheantivirusconditionthatyouwanttocreate.Description Selectanoperatingsystemtochecktheinstallationofanantivirusprograms onyourclient,orcheckthelatestantivirusdefinitionfileupdatestowhich theconditionisapplied. OperatingSystem Chooseavendorfromthedrop-downlist.TheselectionofVendorretrieves theirantivirusproductsandversions,whicharedisplayedintheProducts forSelectedVendortable. Vendor Choosewhethertocheckaninstallationorcheckthelatestdefinitionfile updateontheclient. CheckType Choosetocheckonlytheinstallationofanantivirusprogramontheclient.Installation Choosetocheckonlythelatestdefinitionfileupdateofanantivirusproduct ontheclient. Definition (AvailableonlywhenyouchooseDefinitionchecktype)Choosetocheck theantivirusdefinitionfileversionontheclientagainstthelatestantivirus definitionfileversion,ifavailableasaresultofpostureupdatesinCisco ISE.Otherwise,thisoptionallowsyoutocheckthedefinitionfiledateon theclientagainstthelatestdefinitionfiledateinCiscoISE. CheckagainstlatestAV definitionfileversion,if available.(Otherwisecheck againstlatestdefinitionfile date). (AvailableonlywhenyouchooseDefinitionchecktype)Choosetocheck theantivirusdefinitionfileversionandthelatestantivirusdefinitionfile dateontheclient.Thelatestdefinitionfiledatecannotbeolderthanthat youdefineinthenextfield(daysolderthanfield)fromthelatestantivirus definitionfiledateoftheproductorthecurrentsystemdate. Ifunchecked,CiscoISEallowsyoutocheckonlytheversionofthe antivirusdefinitionfileusingtheCheckagainstlatestAVdefinitionfile version,ifavailableoption. Allowvirusdefinitionfiletobe (Enabled) Definethenumberofdaysthatthelatestantivirusdefinitionfiledateon theclientcanbeolderfromthelatestantivirusdefinitionfiledateofthe productorthecurrentsystemdate.Thedefaultvalueiszero(0). daysolderthan Choosetochecktheantivirusdefinitionfiledateontheclient,whichcan beolderbythenumberofdaysthatyoudefineinthedaysolderthanfield. Ifyousetthenumberofdaystothedefaultvalue(0),thentheantivirus definitionfiledateontheclientshouldnotbeolderthanthelatestantivirus definitionfiledateoftheproduct. latestfiledate Cisco Identity Services Engine Administrator Guide, Release 1.3 831 Conditions
Usage GuidelinesFields Choosetochecktheantivirusdefinitionfiledateontheclient,whichcan beolderbythenumberofdaysthatyoudefineinthedaysolderthanfield. Ifyousetthenumberofdaystothedefaultvalue(0),thentheantivirus definitionfiledateontheclientshouldnotbeolderthanthecurrentsystem date. currentsystemdate Chooseanantivirusproductfromthetable.Basedonthevendorthatyou selectintheNewAnti-virusConditionpage,thetableretrievesinformation ontheirantivirusproductsandtheirversion,remediationsupportthatthey provide,latestdefinitionfiledateanditsversion. Theselectionofaproductfromthetableallowsyoutocheckforthe installationofanantivirusprogram,orcheckforthelatestantivirus definitionfiledate,anditslatestversion. ProductsforSelectedVendor Related Topics CompoundPostureConditions,onpage406 Cisco-PreconfiguredAntivirusandAntispywareConditions,onpage406 AntivirusandAntispywareSupportChart,onpage406 Antispyware Compound Condition Settings ThefollowingtabledescribesthefieldsintheASCompoundConditionspage.Thenavigationpathforthis pageis:Policy>PolicyElements>Conditions>ASCompoundCondition. Table 117: Antispyware Compound Condition Settings Usage GuidelinesFields Enterthenameoftheantispywarecompoundconditionthatyouwantto create. Name Enterthedescriptionoftheantispywarecompoundconditionthatyouwant tocreate. Description Selectinganoperatingsystemallowsyoutochecktheinstallationofan antispywareprogramsonyourclient,orcheckthelatestantispyware definitionfileupdatestowhichtheconditionisapplied. OperatingSystem Chooseavendorfromthedrop-downlist.TheselectionofVendorretrieves theirantispywareproductsandversions,whicharedisplayedintheProducts forSelectedVendortable. Vendor Chooseifyouwanttochooseatypewhethertocheckaninstallation,or checkthelatestdefinitionfileupdateontheclient. CheckType Cisco Identity Services Engine Administrator Guide, Release 1.3 832 Conditions
Usage GuidelinesFields Chooseifyouwanttocheckonlytheinstallationofanantispywareprogram ontheclient. Installation Chooseifyouwanttocheckonlythelatestdefinitionfileupdateofan antispywareproductontheclient. Definition Checkthischeckboxwhenyouarecreatingantispywaredefinitioncheck types,anddisabledwhencreatingantispywareinstallationchecktypes. Ifchecked,theselectionallowsyoutocheckantispywaredefinitionfile versionandthelatestantispywaredefinitionfiledateontheclient.The latestdefinitionfiledatecannotbeolderthanthatyoudefineinthedays olderthanfieldfromthecurrentsystemdate. Ifunchecked,theselectionallowsyoutocheckonlytheversionofthe antispywaredefinitionfileastheAllowvirusdefinitionfiletobecheck boxisnotchecked. Allowvirusdefinitionfiletobe (Enabled) Definethenumberofdaysthatthelatestantispywaredefinitionfiledate ontheclientcanbeolderfromthecurrentsystemdate.Thedefaultvalue iszero(0). daysolderthan Choosetochecktheantispywaredefinitionfiledateontheclient,which canbeolderbythenumberofdaysthatyoudefineinthedaysolderthan field. Ifyousetthenumberofdaystothedefaultvalue(0),thentheantispyware definitionfiledateontheclientshouldnotbeolderthanthecurrentsystem date. Thecurrentsystemdate Chooseanantispywareproductfromthetable.Basedonthevendorthat youselectintheNewAnti-spywareCompoundConditionpage,thetable retrievesinformationontheirantispywareproductsandtheirversion, remediationsupportthattheyprovide,latestdefinitionfiledateandits version. Theselectionofaproductfromthetableallowsyoutocheckforthe installationofanantispywareprogram,orcheckforthelatestantispyware definitionfiledate,anditslatestversion. ProductsforSelectedVendor Related Topics CompoundPostureConditions,onpage406 Cisco-PreconfiguredAntivirusandAntispywareConditions,onpage406 AntivirusandAntispywareSupportChart,onpage406 Dictionary Simple Conditions Settings ThefollowingtabledescribesthefieldsintheDictionarySimpleConditionspage.Thenavigationpathfor thispageis:Policy>PolicyElements>Conditions>Posture>DictionarySimpleCondition. Cisco Identity Services Engine Administrator Guide, Release 1.3 833 Conditions
Table 118: Dictionary Simple Condition Settings Usage GuidelineFields Enterthenameofthedictionarysimpleconditionthatyouwanttocreate.Name Enterthedescriptionofthedictionarysimpleconditionthatyouwanttocreate.Description Chooseanattributefromthedictionary.Attribute Chooseanoperatortoassociateavaluetotheattributethatyouhaveselected.Operator Enteravaluethatyouwanttoassociatetothedictionaryattribute,orchooseapredefined valuefromthedrop-downlist. Value Related Topics DictionariesandDictionaryAttributes,onpage197 SimpleandCompoundConditions,onpage401 SimplePostureConditions,onpage405 CreateSimplePostureConditions,onpage405 Dictionary Compound Condition Settings ThefollowingtabledescribesthefieldsintheDictionaryCompoundConditionspage.Thenavigationpath forthispageis:Policy>PolicyElements>Conditions>Posture>DictionaryCompoundCondition. Table 119: Dictionary Compound Condition Settings Usage GuidelinesFields Enterthenameofthedictionarycompoundconditionthatyouwanttocreate.Name Enterthedescriptionofthedictionarycompoundconditionthatyouwanttocreate.Description Defineanexpressionbyselectingpre-definedconditionsfromthepolicyelements libraryoraddad-hocattribute/valuepairstoyourexpressioninthesubsequent steps. SelectExisting ConditionfromLibrary Choosedictionarysimpleconditionsthatyouhavealreadycreatedfromthepolicy elementslibrary. ConditionName TheExpressionisupdatedbasedonyourselectionfromtheConditionName drop-downlist. Expression Cisco Identity Services Engine Administrator Guide, Release 1.3 834 Conditions