https://community.cisco.com/t5/network-access-control/list-endpoints-with-an-assigned-sgt-through-api/m-p/3909070#M457636 <P>Hi,</P><P>In our rapid threat containment setup with Firepower and ISE, we assign a specific SGT when endpoints gets quarantined.&nbsp;</P><P>We are trying to find a way to list all endpoints that are quarantined. Since the clients are assigned a specific tag, I am looking for a way to list all clients with this tag through the rest api. The quarantined client also gets an unique authorization profile assigned to them, so another possible way would be to list which clients are using this specific authorization profile.&nbsp;</P><P>Anyone know if this is possible?</P><P>&nbsp;</P><P>Thanks</P><P>/Jorgen</P> Fri, 16 Aug 2019 10:06:24 GMT Chess Norris 2019-08-16T10:06:24Z https://community.cisco.com/t5/network-access-control/list-endpoints-with-an-assigned-sgt-through-api/m-p/3909070#M457636 <P>Hi,</P><P>In our rapid threat containment setup with Firepower and ISE, we assign a specific SGT when endpoints gets quarantined.&nbsp;</P><P>We are trying to find a way to list all endpoints that are quarantined. Since the clients are assigned a specific tag, I am looking for a way to list all clients with this tag through the rest api. The quarantined client also gets an unique authorization profile assigned to them, so another possible way would be to list which clients are using this specific authorization profile.&nbsp;</P><P>Anyone know if this is possible?</P><P>&nbsp;</P><P>Thanks</P><P>/Jorgen</P> Fri, 16 Aug 2019 10:06:24 GMT https://community.cisco.com/t5/network-access-control/list-endpoints-with-an-assigned-sgt-through-api/m-p/3909070#M457636 Chess Norris 2019-08-16T10:06:24Z https://community.cisco.com/t5/network-access-control/list-endpoints-with-an-assigned-sgt-through-api/m-p/3910375#M457640 Just tested this and it works with curl. I assume you would want to automate in a python script etc. But here is the basic principle:<BR /><BR />curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user {} --request GET https://{ISEPan}:9060/ers/config/ancendpoint<BR /><BR />Good luck &amp; HTH! Mon, 19 Aug 2019 17:32:55 GMT https://community.cisco.com/t5/network-access-control/list-endpoints-with-an-assigned-sgt-through-api/m-p/3910375#M457640 Mike.Cifelli 2019-08-19T17:32:55Z https://community.cisco.com/t5/network-access-control/list-endpoints-with-an-assigned-sgt-through-api/m-p/3910712#M457643 <P>Thanks, I will test this as soon as I have access to the ISE server again.</P><P>I found an alternative method to get the SGT as well, using the following pxGrid API call -&nbsp;<A href="https://apl-iseadm01t.oneadr.net:8910/pxgrid/mnt/sd/getSessions/" target="_blank">https://&lt;ise name&gt;:8910/pxgrid/mnt/sd/getSessions/</A></P><P>This will give a lot of endpoint information including the SGT. (see example of the output below)</P><P>&nbsp;</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;"timestamp": "2019-08-19T15:28:07.451+02:00",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "state": "STARTED"</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "callingStationId": "00:21:CC:C4:2B:58",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "calledStationId": "00:CC:FC:43:52:20",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "auditSessionId": "0000000000001532311AD9BE",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "ipAddresses": [</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "10.139.120.100"</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ],</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "macAddress": "00:21:CC:C4:2B:58",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "nasIpAddress": "10.139.0.168",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "nasPortId": "GigabitEthernet1/0/32",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "nasPortType": "Ethernet",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "endpointProfile": "Windows7-Workstation",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "endpointOperatingSystem": "Windows 7 Enterprise",</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<STRONG> "ctsSecurityGroup": "SGT_QUARANTINE",</STRONG></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "providers": [</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "None"</P><P>&nbsp;</P><P>Best regards</P><P>/Jorgen</P> Tue, 20 Aug 2019 08:52:00 GMT https://community.cisco.com/t5/network-access-control/list-endpoints-with-an-assigned-sgt-through-api/m-p/3910712#M457643 Chess Norris 2019-08-20T08:52:00Z