Hello
ISE 3.0 patch 3 - enabled Anomaly detection and I am seeing a growing list of Windows 10 workstations in the Anomalous Endpoints. These endpoints have never authenticated via ISE and the endpoints have been learned via DHCP profiling. This is from Cisco switches
I deleted a whole bunch of endpoints today and the list is growing again - is there a way to easily see WHY ISE considers this endpoint anomalous? I think there is a log somewhere, but that seems like a brutal approach.
I have not enable enforcement.
