Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
2
Replies

ISE-PIC WMI filter for AD users

Go to solution
tato386
Level 6
Level 6

‎01-03-2025 11:37 AM - edited ‎01-03-2025 11:38 AM

I am using WMI and PassiveID to pull username to IP mapping from my Windows domain controllers.  I don't need to map/monitor all the logins in my domain, I just need actually people logins.  Specifically, I have many service accounts that login to several servers and show up quite often in the live session screen with multiple logins and IPs which I want to get rid of.  I don't see any way to filter these service accounts.  Any ideas where I need to look?

Thanks,  

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-03-2025 11:47 AM

@tato386

Filter Passive Identity Services

You can filter certain users, based on their name or IP address. For example, if you have an administrator from IT services who logs in to an endpoint in order to assist the regular user with that endpoint, you can filter out the administrator activity so it does not appear in Live Sessions, but rather only the regular user of that endpoint will appear. The Live Session shows Passive Identity service components that are not filtered out by the Mapping Filters. You can add as many filters as needed. The “OR” logic operator applies between filters. If both the fields are specified in a single filter, the “AND” logic operator applies between these fields.

Procedure

Step 1

Choose Providers > Mapping Filters.

Step 2

Click Add, enter the Username and or IP address of the user you want to filter and click Submit.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/pic_admin_guide/pic_admin32/pic_admin32_chapter_011.html#task_E9787621FE1146E59A0E5EC4573609EE

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎01-03-2025 11:47 AM

@tato386

Filter Passive Identity Services

You can filter certain users, based on their name or IP address. For example, if you have an administrator from IT services who logs in to an endpoint in order to assist the regular user with that endpoint, you can filter out the administrator activity so it does not appear in Live Sessions, but rather only the regular user of that endpoint will appear. The Live Session shows Passive Identity service components that are not filtered out by the Mapping Filters. You can add as many filters as needed. The “OR” logic operator applies between filters. If both the fields are specified in a single filter, the “AND” logic operator applies between these fields.

Procedure

Step 1

Choose Providers > Mapping Filters.

Step 2

Click Add, enter the Username and or IP address of the user you want to filter and click Submit.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/pic_admin_guide/pic_admin32/pic_admin32_chapter_011.html#task_E9787621FE1146E59A0E5EC4573609EE

 

0 Helpful

Go to solution
tato386
Level 6
Level 6
In response to Rob Ingram

‎01-03-2025 01:00 PM

man, that was right there, Idon't know how I missed it.  I think I saw "mapping" and felt it was for like custom mapping of AD to ISE attributes or something similar.  then again the option says "filter" so I should have investigated further.  Thank you!

0 Helpful
Customers Also Viewed These Support Documents