ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!

  • Register for the monthly Cisco DNA Center Ask the Expert Sessions to learn about Cisco DNA Center configuration and deployment.
  • 671

    [DNA center or APIC EM] How to quarantine an end-point using REST API?


    Either using DNA center or APIC EM, I want to block or quarantine an end-point using REST API.

    Can someone please teach me how this could be done?


    I'm expecting that Policy programming will work for this scenario.

    I've tried a POST call like below, but couldn't make it work.


    /api/v0/policy POST
    [{"actions" : ["DENY"],
    "policyOwner" : "admin",
    "policyName" : "deny_all",
    "networkUser" : {
    "userIdentifiers" : [""]},
    "actionProperty" : {
    "destinations" : [""]} }]


    # I have a switch whose ip address is and the endpoint
    # In this scenario, detection of malware will be done by a different tool. I want to configure this tool so that it will send a POST request to APIC EM or DNA center to block or quarantine the end-point once malware is detected.
    # I had a look at the following documents but didn't work for me.

    Thank you very much in advance.

    Everyone's tags (4)
    1 REPLY 1
    Cisco Employee

    Re: [DNA center or APIC EM] How to quarantine an end-point using REST API?

    As of DNAC 1.2.10, this function is restricted to Stealthwatch-> ISE integration or just ISE. 


    Stealthwatch and ISE: 

    or ISE specifically:


    However, this is leveraging pxGrid and not REST or External RESTful.


    This is the available API's for ISE 2.x


    Content for Community-Ad
    This widget could not be displayed.