Hello dear community,
once again I have a small cosmetic problem and can't find a solution. But maybe it is simply not feasible.
In our environment, several administrators are responsible for one site each. In our old NAC solution, we had an email alert that notified colleagues via email when a new, unknown device was connected. The colleagues then received information such as switch IP + port and the MAC address of the device in the email. Either they connected the device themselves, in which case they added it to an identity group, or they checked what it was and then unlocked it.
In the ISE, unfortunately, this alert no longer exists. Here you can only periodically send an email that only reports the number of devices in specified Authorization Profiles. This would be fine, the colleagues have to filter the devices, but if the device is not unlocked within an hour, ISE sends another email. Over the weekend you have up to 60 emails. If the information is sent every 60 minutes.
How did you solve this? Unfortunately, the colleagues can not look 24x7 on the console. Actually, these messages should also run into the ticket system, but that would then generate a lot of tickets. Unfortunately, I can't find a switch that only reports newly added systems.
Is there a more elegant way to solve this?