Hello I have a couple of questions on ISE.

1. How does one go about viewing the posture logs created in ISE. We are having an issue with a few anyconnect clients getting past the virus scanning engine. We would like to look at the logs and see what is or isn't passing between the clients to the server.

2. We are currently running PKI authentication on our ISE for user access. We wish to create an account for one of groups that only allows read access. The group exists in our Active Directory and it's seen by ISE; however when we try to create a group for use we see no choices.

The thought is to select "password based", let it roll back

First step:
Access administration > Identity management > External Identity Sources
Select "ADGroup" under AD folder then access groups.
Select "Add" then "Select groups from directory"
In the name filter window enter the name or most significant values and use expressions where.
Select "Retrieve Groups" and the window should populate with choices.
Search for the group you want and select the check box.
Select "Ok"
In the window you should see a highlighted choice and option to save or cancel
Select cancel and your choice should be visible.
If you select save you may over write the current name and sid.
Select save in the bottom left hand corner.

We believe that the next step is:
Administration > system > Admin Access > Administrators > Authentication
"client Certificate Based" is currently selected and is correct since that's what we are using to access.
We have the choice to use "Password Based" also; however, selecting that will cause the system to restart, at least from my experience, the Web front end which kicks everyone out. I believe ISE stays up but you can't login for about 10 minutes.

Just a guess but the last step should be:
Administration > system > Admin Access > Administrators > Admin Groups
Enter a descriptive name, a description
Select "External"
Open the "External Groups" pull down and search for or select the group you previously added.