Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
6
Replies

Cisco ISE Showing All Live Sessions Need to filter

Csnoc314
Level 1
Level 1

‎04-22-2025 02:32 AM

we're currently using Cisco ISE for user identity management, and we've noticed that ISE is showing all live sessions, including background/system logins and service accounts. However, for our operational needs, we only want to see interactive user logins and RDP session details.

we have install PICAgent in AD server and this live sessions are getting from AD

Is there a way to filter or configure Cisco ISE to only display live sessions for interactive users (those actively logged in via console or RDP) and exclude system or background accounts?

We are primarily interested in getting clean session data to integrate with Cisco FMC for correlation and visibility.

0 Helpful
6 Replies 6

ahollifield
VIP
VIP

‎04-22-2025 06:41 AM

You can configure Passive ID filters. But why do you need ISE-PIC at all? What is the use-case? Why not upgrade the FMC 7.6 or 7.7 and use the native user-agent?

0 Helpful

Csnoc314
Level 1
Level 1
In response to ahollifield

‎04-22-2025 08:59 PM

we are only allowed by the management to upgrade the suggested version from the Manufacturer as per Cisco R&D suggested version is only 7.4 so only optio is to go with ISE-PIC if you can give tutorial or way to configure Passive ID filter.

0 Helpful

Marcelo Morais
VIP
VIP
In response to Csnoc314

‎04-22-2025 10:35 PM

Hi @Csnoc314 ,

 please take a look at: Filter Passive Identity Services.

 

Hope this helps !!!

0 Helpful

Csnoc314
Level 1
Level 1
In response to Marcelo Morais

‎04-22-2025 11:35 PM - edited ‎04-23-2025 02:12 AM

Hi @marc ,

Thanks but it after enabling this option still real interactive user not showing in live session. our main purpose for this to track the user .

0 Helpful

Marcelo Morais
VIP
VIP
In response to Csnoc314

‎05-05-2025 05:51 PM

Hi @Csnoc314 ,

 got it !!!

 At Operations > RADIUS > Live Sessions > the Session Source column are able to show:

  • RADIUS
  • Passive ID
  • Passive ID - RADIUS

Does this information help you ?

 

0 Helpful

andrewswanson
Level 7
Level 7
In response to Csnoc314

‎05-06-2025 06:01 AM - edited ‎05-06-2025 06:01 AM


Hi
I use Collection Filters (Administration > System > Logging > Collection Filters) to filter out certain usernames from the live logs

You can also use the attributes show below to filter on.

hth
Andy

ise collection filter.png

0 Helpful
Customers Also Viewed These Support Documents