Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
5
Replies

Report for new devices only?

Josh Morris
Level 3
Level 3

‎01-14-2025 06:19 AM

I'm moving toward low-impact mode and am trying to answer the question of "How many new users can we expect to see after we convert to low-impact?" so I'll know how to staff resources on day n to properly resolve issues. We have Splunk and can generate some so-so reports, but its still not great. Any ideas?

0 Helpful
5 Replies 5

ahollifield
VIP
VIP

‎01-15-2025 07:36 AM

What do you mean by "new users"?  

0 Helpful

Josh Morris
Level 3
Level 3
In response to ahollifield

‎01-15-2025 08:44 AM

In this case, it would mean new devices that come online. Ex: We have 50,000 endpoints and have properly classified all 50,000 and tomorrow we have 50,001 devices. I would like to be able to have a regular report of the new endpoints from that time periot.

0 Helpful

ahollifield
VIP
VIP
In response to Josh Morris

‎01-15-2025 09:16 AM

Why exactly?  If they match your policy, etc what value does this offer?  You can certainly do something like this in Splunk but I'm not sure how to accomplish it.

0 Helpful

MHM Cisco World
VIP
VIP

‎01-15-2025 07:55 AM

Low-impact ""monitor"" ?

If yes then all endpoint connect to SW will known by ISE.

Do you want to use context visible to add known endpoint to identity group?

MHM

0 Helpful

Josh Morris
Level 3
Level 3
In response to MHM Cisco World

‎01-15-2025 08:46 AM

Ultimately, yes. We would want to properly classify any new endpoints into an already existing profile/rule. At this point, I'm trying to determine what the day 2 impact would be of moving our default rule action though.

0 Helpful
Customers Also Viewed These Support Documents