Sunday, 29 March 2026

Cisco ISE Session Propagation and pxGrid Data Flows

 Cisco ISE publishes session data to pxGrid through a coordinated flow between its primary personas:

  • Data Collection: Policy Service Nodes (PSNs) handle active authentications and forward all session events and RADIUS accounting packets to the Monitoring and Troubleshooting (MnT) node via syslog (UDP/20514).

  • Centralized Directory: The MnT node acts as the central repository, consolidating these logs into a global session directory.

  • Publishing: The MnT node functions as a publisher, sending session topic data to the pxGrid controller.

  • Brokering Context: The pxGrid controller manages the publish/subscribe (pub/sub) bus, allowing authorized subscribers (such as a SIEM, Firepower, or Stealthwatch) to receive real-time notifications or perform bulk downloads of this session context.

In modern deployments (pxGrid 2.0), this information is typically exchanged using WebSocket and REST-based APIs for greater efficiency.
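
A subscriber-side view of the flow above, as an added example that is not from the original post or from Cisco: it parses session-topic notifications and keeps an IP-to-user directory, skipping events that arrive out of order. The STOMP-over-WebSocket framing (LF line endings), the topic name, and the JSON field names and states are assumptions to verify against your ISE version; the frames are constructed samples, not captured traffic.

```python
import json
from datetime import datetime

TOPIC = "/topic/com.cisco.ise.session"  # assumed session topic name

def _s(state, user, ip, hhmm):
    """One constructed session record; field names are assumptions."""
    return {"state": state, "userName": user, "ipAddresses": [ip],
            "nasIpAddress": "10.0.0.1", "timestamp": f"2026-03-29T{hhmm}:00+00:00"}

def _frame(sessions):
    """Wrap constructed session records in a STOMP MESSAGE frame."""
    body = json.dumps({"sessions": sessions})
    return f"MESSAGE\ndestination:{TOPIC}\n\n{body}\x00".encode()

SAMPLE_FRAMES = [  # constructed input
    _frame([_s("STARTED", "alice", "10.0.0.5", "10:00")]),
    _frame([_s("STARTED", "bob", "10.0.0.5", "10:05"),      # IP reassigned
            _s("STARTED", "carol", "10.0.0.6", "10:05")]),
    _frame([_s("DISCONNECTED", "alice", "10.0.0.5", "10:04")]),  # arrives late
    _frame([_s("DISCONNECTED", "carol", "10.0.0.6", "10:06")]),
    b"ERROR\nmessage:constructed non-session frame\n\n\x00",
]

def parse_stomp(frame):
    """Split one STOMP frame into (command, headers, body bytes)."""
    head, sep, body = frame.partition(b"\n\n")
    if not sep:
        raise ValueError("malformed STOMP frame: no blank line after headers")
    lines = head.decode("utf-8").split("\n")
    headers = dict(l.split(":", 1) for l in lines[1:] if ":" in l)
    return lines[0], headers, body.rstrip(b"\x00")

def apply_frame(directory, frame):
    """Update the IP -> session map from one notification frame."""
    command, headers, body = parse_stomp(frame)
    if command != "MESSAGE" or headers.get("destination") != TOPIC:
        return directory  # ignore ERROR, RECEIPT and other topics
    for s in json.loads(body).get("sessions", []):
        ts = datetime.fromisoformat(s["timestamp"])
        for ip in s.get("ipAddresses", []):
            current = directory.get(ip)
            if current and ts < current["seen"]:
                continue  # stale event: a newer session already owns this IP
            if s["state"] == "DISCONNECTED":
                directory.pop(ip, None)
            else:
                directory[ip] = {"user": s["userName"], "nas": s["nasIpAddress"], "seen": ts}
    return directory

def build_directory(frames):
    """Replay frames in arrival order and return the resulting directory."""
    directory = {}
    for f in frames:
        apply_frame(directory, f)
    return directory
```

Without the timestamp comparison, the late disconnect for alice would remove bob's live session from the map, and a SIEM would lose attribution for 10.0.0.5.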


Comparative Architectures of Centralised and Local Web Authentication

  The choice between Local Web Authentication (LWA) and Centralized Web Authentication (CWA) depends on your need for dynamic policy enforce...