Been reading through the integration doc for CPPM and SEPM, and it looks like there is quite a bit of information there to gain. I've installed the extension and am waiting on my client to get me info for the SEPM server to complete the integration.
I'm wondering how to best write policy to leverage this integration. I'm aware I can write the policy to check any number or combination of endpoint attributes imported by the extension, but how would I force a re-evaluation or terminate the session on an endpoint that was quarantined due to being out of compliance? The SEPM extension updates changed endpoints every 5 minutes, but without the terminate session mechanism (that a normal Web Based Health check service adds) the device would never make it out of the quarantine role despite having been remediated.
My client does have OnGuard licensing as well, and I can easily write Posture policy to check for X application version, Y time since last scan, etc. It seems this way then handles most of the common policy scenarios and makes the integration redundant.
Would love to hear about others' experience if they've used this integration before.