[DNA center or APIC EM] How to quarantine an end-point using REST API?

Hello,

Using either DNA Center or APIC EM, I want to block or quarantine an end-point using the REST API.

Can someone please teach me how this could be done?

 

I'm expecting that Policy programming will work for this scenario.

I've tried a POST call like the one below, but couldn't make it work.

 

/api/v0/policy POST
[{
  "actions": ["DENY"],
  "policyOwner": "admin",
  "policyName": "deny_all",
  "networkUser": {
    "userIdentifiers": ["10.2.1.17"]
  },
  "actionProperty": {
    "destinations": ["10.2.1.22"]
  }
}]

 

# I have a switch whose IP address is 10.2.1.17, and the endpoint is 10.2.1.22.
# In this scenario, detection of malware will be done by a different tool. I want to configure this tool so that it will send a POST request to APIC EM or DNA Center to block or quarantine the end-point once malware is detected.
# I had a look at the following documents, but they didn't work for me.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/basic-configuration/Cisco-APIC-Basic-Configuration-Guide-401/Cisco-APIC-Basic-Configuration-Guide-401_chapter_0101.html
https://learninglabs.cisco.com/modules/dnac-rest-apis


Thank you very much in advance.

Cisco Employee

Re: [DNA center or APIC EM] How to quarantine an end-point using REST API?

As of DNAC 1.2.10, this function is restricted to the Stealthwatch -> ISE integration or just ISE.

 

Stealthwatch and ISE: https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/4561-docs-security/6200/1/Stealthwatch70_12062018_JEFinal.pdf 

or ISE specifically: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01101.html

 

However, this is leveraging pxGrid and not REST or External RESTful.

 

These are the available APIs for ISE 2.x: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/api_ref_guide/api_ref_book/ise_api_ref_pref.html

 
