Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
1
Helpful
2
Replies

ISE 3.0 API script for getting zero hit policy set

iraj-ahmadi-2010
Level 1
Level 1

‎08-05-2024 09:21 AM - edited ‎08-05-2024 09:51 AM

Hello all,

I have an ISE 3.0 with a lot of Authorization policy inside a policy set for remote access VPN, I know most of this policy set is not in use anymore, as ISE does not have a report section for showing the policy set with zero hits, I tried to use postman API to get the policy with zero hit count. following are the URL that I used for getting the information 

https://x.x.x.x:443/api/v1/policy/network-access/policy-set

https://x.x.x.x:9060/api/v1/policy/network-access/policy-set

https://x.x.x.x:9060/ers/config/policyset

but non of them have output, Please let me know if the ISE save policy set hit count for a long time, if yes how can I get a report of for example policy set with zero hits for last 3 months,

thank you

0 Helpful
2 Replies 2

Marcel Zehnder
Spotlight
Spotlight

‎08-06-2024 05:52 AM

Hi, I see in the doc the endpoint for APIv1 (ISE3.1 and above) is /api/v1/policy/network-access/policy-set

According to the doc there is a hitcount (hitCounts):

{
  "response": [
    {
      "default": false,
      "id": "793f55af-ad78-4021-bbdc-6286724394f8",
      "name": "New Policy Set 1",
      "description": null,
      "hitCounts": 0,
      "rank": 0,
      "state": "enabled",
      "condition": {
        "link": null,
        "conditionType": "ConditionReference",
        "isNegate": false,
        "name": "Switch_Local_Web_Authentication",
        "id": "19d968b0-ebcb-4cdd-98e3-fe02e5521266",
        "description": "A condition to match authentication requests for Local Web Authentication from Cisco Catalyst Switches"
      },
      "serviceName": "Default Network Access",
      "isProxy": false,
      "link": {
        "rel": "self",
        "href": "https://{{ISE_IP}}/api/v1/policy/{{protocol}}/policy-set/793f55af-ad78-4021-bbdc-6286724394f8",
        "type": "application/json"
      }
    }
  ],
  "version": "1.0.0"
}

What's the exact ISE version you are using?

iraj-ahmadi-2010
Level 1
Level 1
In response to Marcel Zehnder

‎08-07-2024 06:46 AM

Thank you for your response, the exact IasE version is 3.0.0.458, this url is not working in this version, it is more that 500 authorization policy in my remote access policy set, and probably most of them are useless, unfortunately i don't have ISE support and I can not update it to new version. 
thank you again for response 

0 Helpful
Customers Also Viewed These Support Documents