Solved: Re: [Q] -Authc Reports in ISE 2.1 endpoint count query

Sandeep Ramakrishnan · ‎02-01-2017

Hello all,

In respect to the endpoint counts being reported, are the counts for unique endpoints (i.e. de-duplicated) or is it a simple count of all authc events (which contains multiple per endpoint)?

Screenshot below is for failed authc due to expired certs as an example. Assuming that it is not de-duplicated, is there a filter or group by field in ISE 2.1 that can be configured to show only unique counts per endpoint?

Appreciate all help. Thanks in advance.

-Sandeep

Sandeep Ramakrishnan · ‎02-03-2017

Response from Pons pirungol (ISE Product Manager) I received:

Hi Sandeep,

The pass/fail counts reflects the total number of authC events occurred during the specified time range. i.e., if an end point attempted to perform the authC for 5 times (i.e., 4 - failed , 1 - passed). then the authC summary report will report as “Failed count = 4, Pass Count = 1) for the specific end point in question.

We do have an end point filter in the same AuthC report to generate the report for the specific end point of your interest.

View solution in original post

kthiruve · ‎02-02-2017

Reached out to Engineering on this. Will let you know.

-Krishnan

Sandeep Ramakrishnan · ‎02-03-2017

Response from Pons pirungol (ISE Product Manager) I received:

Hi Sandeep,

The pass/fail counts reflects the total number of authC events occurred during the specified time range. i.e., if an end point attempted to perform the authC for 5 times (i.e., 4 - failed , 1 - passed). then the authC summary report will report as “Failed count = 4, Pass Count = 1) for the specific end point in question.

We do have an end point filter in the same AuthC report to generate the report for the specific end point of your interest.