Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
0
Helpful
1
Replies

Visibility into "rogue" devices

gjw_csco
Cisco Employee
Cisco Employee

‎09-12-2019 09:04 AM

Looking to see what options are available native to ISE to get visibility into "rogue" devices. A rogue device is defined as one that is not part of AD. So anything that hits a MAB rule would be a rogue device.

 

Is there any way we can generate a report for a specific AuthC or AuthZ rule? If all non-AD devices are hitting one AuthC/AuthZ rule, I could run a report to say "how many devices hit these rules?". 

 

I know that sending this info via syslog to a SIEM and then reporting from there is an option. 

 

 

0 Helpful
1 Reply 1

Colby LeMaire
VIP Alumni
VIP Alumni

‎09-12-2019 09:33 AM

You would have to run the "Radius Authentications" report and export it to CSV.  Then use Excel and filter on the rules that you are interested in.

0 Helpful
Customers Also Viewed These Support Documents