Looking to see what options are available native to ISE to get visibility into "rogue" devices. A rogue device is defined as one that is not part of AD. So anything that hits a MAB rule would be a rogue device.
Is there any way we can generate a report for a specific AuthC or AuthZ rule? If all non-AD devices are hitting one AuthC/AuthZ rule, I could run a report to say "how many devices hit these rules?".
I know that sending this info via syslog to a SIEM and then reporting from there is an option.