There is no easy one-size-fits-all answer for this. It all depends on a number of factors. What are the capabilities of your SIEM system? Would it help your SIEM to see all passed authentications? Does your SIEM have an ability to make determinations based on endpoint type or profiling information? Is the amount of data or storage a concern for your SIEM? What are you even using ISE for? Guest only? VPN? 802.1x? TACACS+? etc.
With ISE, the Syslog configuration is per category and not for each Syslog message. At a minimum, you would want to send any failed authentication attempts and maybe accounting messages to track session start and end times. Again, it really depends on your SIEM and what options you have for building policies/rules. There is no sense in sending stuff to the SIEM if it is unable to do something with it.