After implementing Cisco ISE with an AD tie-in for CWA, I was curious if anyone knew of a way to have the DCagent pull the ISE logon events as well. Currently, if a users authenticates on ISE's CWA it generates Event ID 4776 - Credential validation which looks something like this:
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: MyUser
Source Workstation: \\ISE
Error Code: 0x0
If the DCagent could somehow pull those events as well, I could give the proper web filter to even BYOD devices.
Unfortunately, I can't generate my own events in the Security log, as that'd be a simple solution.
Thanks in advance.