Solved: Re: Cisco ISE reporting

Michael Prestien · ‎04-25-2017

My company is looking to get ISE for a multitude of reasons. One of the questions I'm getting asked the most is about reporting and it's not one I know how to answer as I've never use the product nor can I find what I'm looking for while searching other forums. A quick rundown of our company; we have around 150 external locations each with a manager and several users. The managers have their own manager based off region, and then we also have corporate employees with their own departments and managers. My question is about reporting and distributing activity. I need each manager to get a report of activity of the users they manage each day. If this data can be dumped into a database and we can extract the information that we want, that's fine as we have people that do similar things with other systems that we use. Of course, if ISE can do that on it's own that would be very handy. It's preferable that users/managers are not able to log into ISE to view this information unless there is something like a webportal we can set up that would give them their information based off their AD credentials.

If there needs to be any more clarity or if you have other questions or if you have answers (especially visual ones that I can show our CIO and CFO) it would be welcomed.

-Michael

gbekmezi-DD · ‎04-25-2017

What kind of user activity reporting are you looking for? The only things you will get from ISE are logins (success/fail and when, where from and from what endpoints) and posture information (if you use posture). If you want flexible, self service reporting I would consider something like Splunk. You can send ISE logs there and create reports at will.

George

View solution in original post

gbekmezi-DD · ‎04-25-2017

What kind of user activity reporting are you looking for? The only things you will get from ISE are logins (success/fail and when, where from and from what endpoints) and posture information (if you use posture). If you want flexible, self service reporting I would consider something like Splunk. You can send ISE logs there and create reports at will.

George

Michael Prestien · ‎04-25-2017

The main thing we are looking for with this reporting is internet usage. I've never heard of Splunk and doing a quick search over their website it looks like that is something that we can use. I need something that emails a manager "User 1 internet activity; www.youtube.com (15 hits, 600mb of traffic)" "User 2 internet activity; www.linkedin.com (4 hits, 30mb of traffic)". Something similar to that. It sounds as a product like Splunk, or any others suggested, is what I need to be looking at for this solution.

Thanks for the info.

Craig Hyps · ‎04-25-2017

Need to understand how each group is tracked, i.e. based on Location, group membership, policy assigned, etc. Then can determine which reports may be able to be generated with appropriate filter. George is correct in that solutions like Splunk offer a great deal of reporting flexibility, can be integrated with info from other sources, and have some native integrations with ISE via Syslog or pxGrid.

Since you mention URL tracking in your example, you may need to look at a solution that consumes this data, or even WSA which can assign policies based on assigned policy tag in ISE. You can then restrict and report on access based on these policy tags (aka SGTs). This could provide a nice Cisco+Cisco solution.

/Craig