01-14-2025 06:19 AM
I'm moving toward low-impact mode and am trying to answer the question of "How many new users can we expect to see after we convert to low-impact?" so I'll know how to staff resources on day n to properly resolve issues. We have Splunk and can generate some so-so reports, but its still not great. Any ideas?
01-15-2025 07:36 AM
What do you mean by "new users"?
01-15-2025 08:44 AM
In this case, it would mean new devices that come online. Ex: We have 50,000 endpoints and have properly classified all 50,000 and tomorrow we have 50,001 devices. I would like to be able to have a regular report of the new endpoints from that time periot.
01-15-2025 09:16 AM
Why exactly? If they match your policy, etc what value does this offer? You can certainly do something like this in Splunk but I'm not sure how to accomplish it.
01-15-2025 07:55 AM
Low-impact ""monitor"" ?
If yes then all endpoint connect to SW will known by ISE.
Do you want to use context visible to add known endpoint to identity group?
MHM
01-15-2025 08:46 AM
Ultimately, yes. We would want to properly classify any new endpoints into an already existing profile/rule. At this point, I'm trying to determine what the day 2 impact would be of moving our default rule action though.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide