01-17-2019 11:08 AM - edited 03-08-2019 05:30 PM
Hello,
Either using DNA center or APIC EM, I want to block or quarantine an end-point using REST API.
Can someone please teach me how this could be done?
I'm expecting that Policy programming will work for this scenario.
I've tried a POST call like below, but couldn't make it work.
/api/v0/policy POST
[{"actions" : ["DENY"],
"policyOwner" : "admin",
"policyName" : "deny_all",
"networkUser" : {
"userIdentifiers" : ["10.2.1.17"]},
"actionProperty" : {
"destinations" : ["10.2.1.22"]} }]
# I have a switch whose ip address is 10.2.1.17 and the endpoint 10.2.1.22.
# In this scenario, detection of malware will be done by a different tool. I want to configure this tool so that it will send a POST request to APIC EM or DNA center to block or quarantine the end-point once malware is detected.
# I had a look at the following documents but didn't work for me.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/basic-configuration/Cisco-APIC-Basic-Configuration-Guide-401/Cisco-APIC-Basic-Configuration-Guide-401_chapter_0101.html
https://learninglabs.cisco.com/modules/dnac-rest-apis
Thank you very much in advance.
04-11-2019 12:51 PM
As of DNAC 1.2.10, this function is restricted to Stealthwatch-> ISE integration or just ISE.
Stealthwatch and ISE: https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/4561-docs-security/6200/1/Stealthwatch70_12062018_JEFinal.pdf
or ISE specifically: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01101.html
However, this is leveraging pxGrid and not REST or External RESTful.
This is the available API's for ISE 2.x https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/api_ref_guide/api_ref_book/ise_api_ref_pref.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide