Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
1
Replies

How to use ISE API to obtain field data with more Endpoints?

vincentgong
Level 1
Level 1

‎09-07-2023 11:20 PM

How to use the ISE API to obtain as many data as the .csv file fields generated from Total Endpoints->Export->Export All in the web page?

Currently, I use Postman to use https://XXX.XXX.XXX.XXX:9060/ers/config/endpoint to obtain the following:

{
   "SearchResult": {
   "total": XXXXX,
   "resources": [
   {
      "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "name": "XX:XX:XX:XX:XX:XX",
      "link": {
      "rel": "self",
      "href": "https://XXX.XXX.XXX.XXX:9060/ers/config/endpoint/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "type": "application/json"
   }
},
{
   "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
   "name": "XX:XX:XX:XX:XX:XX",
   "link": {
      "rel": "self",
      "href": "https:// XXX.XXX.XXX.XXX:9060/ers/config/endpoint/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "type": "application/json"
   }
},
{…

Then use the value of KEY as href in each project https://XXX.XXX.XXX.XXX:9060/ers/config/endpoint/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX to obtain the individual information as follows:

{
   "ERSEndPoint": {
      "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "name": "XX:XX:XX:XX:XX:XX",
      "mac": "XX:XX:XX:XX:XX:XX",
      "profileId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "staticProfileAssignment": false,
      "staticProfileAssignmentDefined": true,
      "groupId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "staticGroupAssignment": false,
      "staticGroupAssignmentDefined": true,
      "portalUser": "",
      "identityStore": "",
      "identityStoreId": "",
      "link": {
         "rel": "self",
         "href": "https:// XXX.XXX.XXX.XXX:9060/ers/config/endpoint/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
         "type": "application/json"
      }
   }
}

However, in the above attributes (fields), there are not as many fields as the .csv file generated from Total Endpoints->Export->Export All in the ISE Web page as follows:

MACAddress,EndPointPolicy,IdentityGroup,AuthenticationIdentityStore,AuthenticationMethod,AllowedProtocolMatchedRule,AuthorizationPolicyMatchedRule,SelectedAuthorizationProfiles,Description,DeviceRegistrationStatus,BYODRegistration,Device Type,EmailAddress,ip,ipv6,FirstName,host-name,LastName,LogicalProfile,Total Certainty Factor,NADAddress,Location,NAS-IP-Address,NAS-IPv6-Address,NAS-Port-Id,UserName,NetworkDeviceName,operating-system,operating-system-result,OS Version,OUI,PortalUser User-Name,StaticAssignment,StaticGroupAssignment,UpdateTime,MessageCode,FailureReason,UserType,EndpointIdentityGroup,EndpointOperatingSystem,PortalUser.FirstName,PortalUser.LastName,PortalUser.EmailAddress,PortalUser.PhoneNumber,PortalUser.GuestType,PortalUser.GuestStatus,PortalUser.Location,PortalUser.GuestSponsor,PortalUser.CreationType,AUPAccepted,EndPointGroup,EndPointProfilerServer,cts-security-group,Failure_Reason,PassiveID_Username,AD-Operating-System,Certificate Expiration Date,Certificate Issue Date,Certificate Issuer Name,User-Fetch-Department,User-Fetch-Telephone,User-Fetch-Job-Title,User-Fetch-Organizational-Unit,User-Fetch-CountryName,User-Fetch-LocalityName,User-Fetch-StateOrProvinceName,User-Fetch-StreetAddress,User-Fetch-First-Name,User-Fetch-Email,User-Fetch-Last-Name,SSID,DTLSSupport,Portal.Name,RegistrationTimeStamp,AnomalousBehaviour,PhoneID,posturePassCondition,postureFailCondition

Thanks!

Labels:
0 Helpful
1 Reply 1

sureshot
Cisco Employee
Cisco Employee

‎10-19-2023 02:06 AM

@vincentgong

 

As of now, The Endpoint API (ERS APIs) allow us to get only the below listed attributes of an endpoint along with Custom attributes info. Almost same as what you obtaining through API call from Postman tool. 

 

id" : "id",
"name" : "name",
"description" : "description",
"mac" : "00:01:02:03:04:05",
"profileId" : "profileId",
"staticProfileAssignment" : false,
"groupId" : "groupId",
"staticGroupAssignment" : true,
"portalUser" : "portalUser",
"identityStore" : "identityStore",
"identityStoreId" : "identityStoreId",
"customAttributes" : {
 "customAttributes" : {
   "key1" : "value1",
   "key2" : "value2"

 

To get endpoint information with more attributes, CLI is the best option. 

Access the ISE CLI (Console or SSH) and Run "Application configure ise" Command and select option #16 to get all the endpoint. A CSV file with details will be created in /localdisk. 

This action can be automated with some scripting and tools if the requirement is to generate this information on regular basis. 

 

Next Best Option is GUI as you might already tried. 

 

And you can also, check out Cisco Endpoint Analysis Tool -> https://iseeat.cisco.com/

 

-------------------------------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-------------------------------------------------------------

0 Helpful
Customers Also Viewed These Support Documents