4.4.1.5. Operation

This module will explain the endpoint compliance operation of the different tag conditions applied on this use case.

In the case we want to see a tag for a specific agent parameter, we need to go to ON Agent -> Agent payloads.

../../../_images/epc5.png


If we click on the tag icon on the Data column, we will see the tags that would have the user depending on the multiplatform agent rules configured previously.

../../../_images/epc6.png


We can see that the agent is installed with the ONC_AGENT tag, that it is a virtual machine with the HDT_VMGUEST tag, and that it doesn’t Edge and Firefox installed with the tags CDT_EDGE CDT_FIREFOX, respectively.

In the case we want to see a grouped tag, like the previously created EPC_SECURITY_COMPLIANCE_ANY, we need to go to the corresponding view in ON NAC -> Business Profiles.

../../../_images/epc2.png


And if we open one of the filter results, we will see that it has the EPC_SECURITY_COMPLIANCE_ANY tag.

../../../_images/epc.png


This tag is matched because the following three tags are found.

  • ISS_AV_UPDATE

  • ISS_AV_ENABLED

  • ISS_FW_ENABLED

We can also see that the profiling matched with a Windows desktop. That is why we can find the EPT_DESKTOP_WINDOWS tag.

In the case we want to see the tags requirement, we need to look for the IAI_ tags. This tags will be find on the Application section for a device in a business profile view.

../../../_images/epc7.png


It is very useful to know all the device application versions. We can see that the device in the example has the 1.0.13206 agent version installed, the 99.0.4844.84 Chrome version and the 4.3.0 Osquery version.