    [DNA center or APIC EM] How to quarantine an end-point using REST API?

    Hello,

    Either using DNA center or APIC EM, I want to block or quarantine an end-point using REST API.

    Can someone please teach me how this could be done?

     

    I'm expecting that Policy programming will work for this scenario.

    I've tried a POST call like below, but couldn't make it work.

     

    /api/v0/policy POST
    [{"actions" : ["DENY"],
    "policyOwner" : "admin",
    "policyName" : "deny_all",
    "networkUser" : {
    "userIdentifiers" : ["10.2.1.17"]},
    "actionProperty" : {
    "destinations" : ["10.2.1.22"]} }]

     

    # I have a switch whose IP address is 10.2.1.17, and the endpoint is 10.2.1.22.
    # In this scenario, detection of malware will be done by a different tool. I want to configure this tool so that it will send a POST request to APIC EM or DNA center to block or quarantine the end-point once malware is detected.
    # I had a look at the following documents, but they didn't work for me.
    https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/basic-configuration/Cisco-APIC-Basic-Configuration-Guide-401/Cisco-APIC-Basic-Configuration-Guide-401_chapter_0101.html
    https://learninglabs.cisco.com/modules/dnac-rest-apis


    Thank you very much in advance.

    Cisco Employee

    Re: [DNA center or APIC EM] How to quarantine an end-point using REST API?

    As of DNAC 1.2.10, this function is restricted to Stealthwatch -> ISE integration or just ISE.

     

    Stealthwatch and ISE: https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/4561-docs-security/6200/1/Stealthwatch70_12062018_JEFinal.pdf 

    or ISE specifically: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01101.html

     

    However, this is leveraging pxGrid and not REST or External RESTful.

     

    These are the available APIs for ISE 2.x: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/api_ref_guide/api_ref_book/ise_api_ref_pref.html

     
