I have a customer who is running an ISE PIC node that publishes user logon events to Stealthwatch. This is purely for monitoring purposes. The customer is using the WMI provider to get the logon events. The customer has the following concerns:
1. Currently, the customer is complaining that his domain controllers are overloaded. They also have a FW that is currently subscribed to the WMI service on their DC. The customer would like to know what processes/persistent queries are running on the DC when we configure WMI with ISE PIC. This will help him isolate if the issue is with ISE PIC or the FW that's causing the load.
2. Since both ISE PIC and the FW are using the same WMI service on the DC, would using the agent help manage the load better?
Thanks for the bug ID, Hsing.
1. Does this bug hold good for an ISE-PIC node? The only case attached to the bug seems to be a regular ISE node running the passive ID probe. Also, any ideas on how to troubleshoot whether the issue is specific to ISE-PIC or the FW exhausting the resources?
2. I am assuming using the agent will not be a viable solution in this case?