exception actions, and NMAP scan actions are classified as Cisco-provided or
administrator-created (see the System Type attribute). Also, the endpoint
profiling policies are classified as Cisco provided, administrator created, or
administrator modified (see the System Type attribute).
You can perform different
operations on the profiler conditions, exception actions, NMAP scan actions,
and endpoint profiling policies depending on the System Type attribute. You
cannot edit or delete Cisco-provided conditions, exception actions, and nmap
scan actions. Endpoint policies that are provided by Cisco cannot be deleted.
When policies are edited, they are considered as administrator-modified. when
administrator-modified policies are deleted, they are replaced by the
up-to-date version of the Cisco-provided policy that it was based on.
You can retrieve new and
updated endpoint profiling policies and the updated OUI database as a feed from
a designated Cisco feed server through a subscription in to Cisco ISE. You can
also receive e-mail notifications to the e-mail address as an administrator of
Cisco ISE that you have configured for applied, success, and failure messages.
You can also provide additional subscriber information to receive
notifications. You can send the subscriber information back to Cisco for
maintaining the records and they are treated as privileged and confidential.
By default, the profiler feed service is disabled, and it
requires a Plus license to enable the service. When you enable the profiler
Cisco ISE downloads the feed service policies and OUI database
updates every day at 1:00 A.M of the local Cisco ISE server time zone. Cisco
ISE automatically applies these downloaded feed server policies, which also
stores the set of changes so that you can revert these changes back to the
previous state. When you revert from the set of changes that you last applied,
endpoint profiling policies that are newly added are removed and endpoint
profiling policies that are updated are reverted to the previous state. In
addition, the profiler feed service is automatically disabled.
When the updates occur, only
the Cisco provided profiling policies and the endpoint profiling policies which
were modified by the previous update, are updated. Cisco provided disabled
profiling policies are also updated but they remain disabled. Administrator
Created or Administrator Modified profiling policies are not overwritten. If
you want to revert any Administrator Modified endpoint profiling policy to any
Cisco Provided endpoint profiling policy, then you must delete or revert the
Administrator Modified endpoint profiling policy to the previous Cisco Provided
endpoint profiling policy.