I'm in the process of completing a migration from Sourcefire User Agent to ISE to publish user identity information to FMC via pxGrid. I have a couple of questions:
1 - ISE is configured and enabled for PassiveID, with WMI connections to the domain controllers. This is working as expected.
In planning for the migration, the "Excluded Usernames" feature from the User Agent is actively used to preclude named usernames from ever populating FMC. Is there a similar feature available for the ISE-FMC integration via pxGrid?
2 - When moving from the User Agent to ISE as Identity Source in FMC, is the existing database (user-IP mapping) in FMC purged during the change? Are all the passive identity sessions learnt via WMI published instantly to FMC? Or only new sessions from the time the identity source is migrated from User Agent to ISE?
Thanks in advance!