Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1974
Views
0
Helpful
1
Replies

[DNA center or APIC EM] How to quarantine an end-point using REST API?

kan2aihara
Level 1
Level 1

‎01-17-2019 11:08 AM - edited ‎03-08-2019 05:30 PM

Hello,

Either using DNA center or APIC EM, I want to block or quarantine an end-point using REST API.

Can someone please teach me how this could be done?

 

I'm expecting that Policy programming will work for this scenario.

I've tried a POST call like below, but couldn't make it work.

 

/api/v0/policy POST
[{"actions" : ["DENY"],
"policyOwner" : "admin",
"policyName" : "deny_all",
"networkUser" : {
"userIdentifiers" : ["10.2.1.17"]},
"actionProperty" : {
"destinations" : ["10.2.1.22"]} }]

 

# I have a switch whose ip address is 10.2.1.17 and the endpoint 10.2.1.22.
# In this scenario, detection of malware will be done by a different tool. I want to configure this tool so that it will send a POST request to APIC EM or DNA center to block or quarantine the end-point once malware is detected.
# I had a look at the following documents but didn't work for me.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/basic-configuration/Cisco-APIC-Basic-Configuration-Guide-401/Cisco-APIC-Basic-Configuration-Guide-401_chapter_0101.html
https://learninglabs.cisco.com/modules/dnac-rest-apis


Thank you very much in advance.

Labels:
0 Helpful
1 Reply 1

loverbey
Cisco Employee
Cisco Employee

‎04-11-2019 12:51 PM

As of DNAC 1.2.10, this function is restricted to Stealthwatch-> ISE integration or just ISE. 

 

Stealthwatch and ISE: https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/4561-docs-security/6200/1/Stealthwatch70_12062018_JEFinal.pdf 

or ISE specifically: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01101.html

 

However, this is leveraging pxGrid and not REST or External RESTful.

 

This is the available API's for ISE 2.x https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/api_ref_guide/api_ref_book/ise_api_ref_pref.html

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents