We have got a requirement to implement a HIP profile for GP users.
But first we want to run it in Monitor mode without any enforcement or without blocking any users.
Below are the requirements:
AV updates not older than
So do I just have to create a HIP Object with all these conditions?
And how will I check which machines will not hit these HIP objects?
So the thing to remember about HIP is that it never takes any action unless you've specifically told it to. By default, HIP is just going to be informational. What you would do here is just create a HIP Object matching your criteria and commit. The HIP Match logs on the firewall will tell you which connecting clients are matching your HIP Object.
If you want to quickly see what machines aren't meeting your defined HIP parameters, you could do that easily enough by creating two HIP Profiles. You would simply set it to match or NOT match your HIP Object you defined above, and then you could search for either HIP Profile in your logs.
So for an example, let's say that I created a HIP Object called "Secured-Clients" and had it match all the criteria you defined. I would then create two HIP Profiles, with the first being "Trusted-Clients" for example that would simply match on the "Secured-Clients" HIP object you created previously. You would then create another HIP Profile called "NonTrusted-Clients" and simply have the match criteria as NOT "Secured-Clients".
When it came to searching who was matching which profile, you can log into the firewall and search the HIP Match logs. To filter on the Trusted-Clients HIP Profile you would simply use the search ( matchname eq Trusted-Clients ) to find everyone who meets your HIP criteria and then ( matchname eq NonTrusted-Clients ) to find everyone who doesn't.
Just keep in mind that nothing will actually take into account your HIP Profiles until you actually configure it to do so. Simply creating new HIP Objects or HIP Profiles will never cause any issues to your existing profiles.
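To follow the two profiles over a monitoring period, here is an added example (not part of the original reply) that reads an exported copy of the HIP Match log and lists each machine whose most recent match is NonTrusted-Clients. The column names and sample rows are constructed assumptions; map them to the header of your own export.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows. Column names are assumptions for this example,
# not the firewall's actual export header.
SAMPLE_CSV = """receive_time,machinename,srcuser,matchname
2024/05/01 08:00:00,LAPTOP-01,alice,Trusted-Clients
2024/05/01 08:05:00,LAPTOP-02,bob,NonTrusted-Clients
2024/05/01 09:00:00,LAPTOP-03,carol,NonTrusted-Clients
2024/05/01 09:00:00,LAPTOP-03,carol,Some-Other-Object
2024/05/02 08:10:00,laptop-03,carol,Trusted-Clients
2024/05/02 08:30:00,LAPTOP-01,alice,NonTrusted-Clients
"""

# The two HIP Profile names used in the reply above.
TRUSTED = "Trusted-Clients"
NON_TRUSTED = "NonTrusted-Clients"


def latest_profile_per_machine(csv_text):
    """Return {machine: (timestamp, matchname, user)} for the newest match."""
    latest = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["matchname"] not in (TRUSTED, NON_TRUSTED):
            continue  # skip entries for other HIP objects or profiles
        ts = datetime.strptime(row["receive_time"], "%Y/%m/%d %H:%M:%S")
        machine = row["machinename"].strip().upper()  # normalise host case
        if machine not in latest or ts >= latest[machine][0]:
            latest[machine] = (ts, row["matchname"], row["srcuser"])
    return latest


def noncompliant_machines(csv_text):
    """Machines whose most recent report matched the NOT profile."""
    latest = latest_profile_per_machine(csv_text)
    return sorted(m for m, rec in latest.items() if rec[1] == NON_TRUSTED)


if __name__ == "__main__":
    for name in noncompliant_machines(SAMPLE_CSV):
        ts, _, user = latest_profile_per_machine(SAMPLE_CSV)[name]
        print(f"{name}\t{user}\tlast seen non-compliant {ts}")
```

Keying on the latest entry per machine matters because a client can appear under both profiles during the monitoring window as its state changes.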