Running ISE for checking posture, run across an issue, regarding MACOS Gatekeeper, 10.13.
wondering if anyone out here is also running ISE for posture checks and if your resolved the way to identify this ?
seems it's built into MACOS, there is not really a service, process, or plist that i've come across to define it in the ISE posture rule
Hmmm... I know that FSCT can log in with an SSH account and get a process list... or run a local agent... so, is this a MacOS with AnyConnect, because I'd assume that would be the Cisco way of getting that posture info.
Quote from: deanwebb on August 12, 2019, 09:30:28 AM
Hmmm... I know that FSCT can log in with an SSH account and get a process list... or run a local agent... so, is this a MacOS with AnyConnect, because I'd assume that would be the Cisco way of getting that posture info.
Yes MacOS with AnyConnect. ISE sees the AV, recognizes it, its just useless if we can't confirm that it is running. That's like having no AV at all.
Quote from: ristau5741 on August 12, 2019, 10:46:28 AM
Quote from: deanwebb on August 12, 2019, 09:30:28 AM
Hmmm... I know that FSCT can log in with an SSH account and get a process list... or run a local agent... so, is this a MacOS with AnyConnect, because I'd assume that would be the Cisco way of getting that posture info.
Yes MacOS with AnyConnect. ISE sees the AV, recognizes it, its just useless if we can't confirm that it is running. That's like having no AV at all.
Well, the ps command should work on MacOS. Can you run a script locally to execute maybe "ps aux"?