
Cisco ISE Showing Service/Application Logons

Csnoc314
Level 1

I’m currently using Cisco ISE with Passive Identity (PassiveID) configured to collect user login data via PICAgent installed on DCserver. However, I’ve noticed that the Cisco ISE Showing Service/Application Logons (remote interactive/RDP). These reflect real users logged into the PC, which is what we want to track for accurate identity mapping.

3 Replies

Hello!

Cisco ISE with PassiveID using PICAgent on your DCserver is correctly tracking remote interactive/RDP logons, which is a normal and beneficial aspect of passive identity collection for accurate user-to-IP mapping. This allows for identity-based policies for RDP users. If you have a specific question or issue regarding these RDP logon events, please provide more details. Otherwise, this behavior indicates your PassiveID setup is functioning as designed for remote sessions.

Hello,

Actually, ISE is also showing Service/Application (Outlook, NMS) logons, which are not required; I only needed interactive/RDP logon events.

Currently using Cisco ISE with Passive Identity (PassiveID) configured to collect user login data via PICAgent installed on DC server. However, I've noticed that the Live Sessions section in ISE is showing sessions for service and application logons, including accounts used by applications such as Outlook or NMS tools.
My requirement is to see only actual user interactive logins, specifically Logon Type 2 (local interactive) and Logon Type 10 (remote interactive/RDP). These reflect real users logged into the PC, which is what we want to track for accurate identity mapping.
