06-30-2022 01:02 PM
Hi
I have a problem with the ISE and Stealthwatch pxGrid integration. The integration is fine, but the final status in the ISE client is (offline XMPP). Stealthwatch doesn't show the username; it only shows the IP address (the Stealthwatch integration with Active Directory is fine, and the ISE integration with Active Directory is fine).
This is the live log on ISE:
smc-150-232@xgrid.cisco.com Client offline
(SMC-150-232 is the Stealthwatch manager console)
06-30-2022 03:54 PM
What version of ISE? What version of Stealthwatch?
What troubleshooting have you done?
Was this working before? If so, what changed?
06-30-2022 06:01 PM
06-30-2022 07:46 PM
SNA 7.4.1 integration with ISE 2.7 should be using pxGrid version 2 with WebSocket instead of XMPP.
If you haven't already done so, I would suggest reviewing the Secure Network Analytics (formerly Stealthwatch) ISE Configuration Guide.
Some of the most common issues I've seen involve either certificate trust issues between the ISE pxGrid cert and the SMC cert, or the 'Automatically approve new certificate-based accounts' setting being disabled in the ISE pxGrid Settings page and the client not having been manually Approved in the Administration > pxGrid Services > Client Management > Clients section.
07-01-2022 12:09 AM
The integration is fine; I have the green circle for both ISE and SMC, and this is the good signal. The problem is that the ultimate state shows me offline (XMPP) on ISE. How can I fix this issue?
I found this link with the same problem, but the solution did not solve the problem.
I attach images of this problem on ISE and SMC.
07-03-2022 07:20 PM
As I stated in my previous response, "SNA 7.4.1 integration with ISE 2.7 should be using pxGrid version 2 with WebSocket instead of XMPP."
The All Clients tab in the 2.7 pxGrid section only shows connections using XMPP (pxGrid version 1).
The Web Clients tab shows connections using WebSocket (pxGrid version 2).
Seeing (Offline) XMPP for your SMC connection is expected since it is using pxGrid version 2.
If the pxGrid connection status on the SMC side shows Connected, you should see your SMC client in the Web Clients tab in ISE with a Status = ON.
07-03-2022 07:27 PM
07-18-2022 10:28 PM
07-19-2022 04:38 PM
There are a lot of moving parts to this solution, and simply providing screenshots from SMC is not sufficient information to provide any meaningful assistance.
The MAC address information from ISE requires that ISE has the IP-MAC binding. This would come from IP Device Tracking on the switch as described in the ISE Secure Wired Access Prescriptive Deployment Guide.
The User attributed to the flow record would require that ISE gets the username from an 802.1x User authentication session. Is there a successful user auth session in ISE related to this MAC address?
The rest of the details on the User Info page (email address, location, etc) would have to come from the direct integration between SMC and Active Directory.
07-19-2022 04:48 PM
07-19-2022 05:00 PM
I've provided all the suggestions I can based on the limited details supplied.
I would suggest opening a TAC case to investigate in more detail on both the ISE and SNA platforms.