
Get report status endpoint from ISE

Da ICS16
Level 1

Dear Community,

There are 2 different kinds of AnyConnect agent version on ISE.

There are also 2 kinds of Compliance Module.

There are 2 kinds of Cisco AnyConnect agent on ISE in the Client Provisioning Policy.

1. AnyConnect 4.x with its Compliance Module

2. Secure Client 5.x with its Compliance Module

Please share how to get the report from ISE for the points below.

  1. How to get the report status of endpoints with the new version and old version of AnyConnect?
  2. How to get the report status of endpoints with the new version and old version of the compliance module?

Best Regards

6 Replies

Arne Bier
VIP

Depending on your version of ISE, you might find an API call to retrieve very detailed endpoint information. However, as a start, I would try the following:

Export one example of such an endpoint in the ISE GUI Context Visibility and see if the data is there.

If not, then export all the Endpoints via the Primary PAN CLI:

application configure ise

Select option 

[16]Get all Endpoints

If you have a recent ISE version (3.1 and onwards) then you can download the generated .csv from the PAN GUI and analyse the data in Excel.

Alternatively, it has been discussed before that the SYSLOG messages that ISE sends to an external SYSLOG receiver are probably the best place to look for things like TLS versions used by endpoints. The trick, of course, is to ensure that you are sending RADIUS Authentication SYSLOGs to your SIEM, and then be confident that your endpoints have all authenticated so that you can analyse ALL your endpoints. You might have PCs that are offline or failing auth - and those might not reflect in our SIEM analysis.

thomas
Cisco Employee

I was able to use the ISE Data Connect feature (ISE 3.2+) with my iseql.py script to perform an SQL query for the versions of AnyConnect / Cisco Secure Client (CSC) :

iseql.py -it "
SELECT posture_agent_version, endpoint_mac_address
FROM (SELECT DISTINCT posture_agent_version, endpoint_mac_address FROM posture_assessment_by_endpoint)
WHERE endpoint_mac_address IS NOT NULL and posture_agent_version IS NOT NULL
ORDER BY posture_agent_version
"
posture_agent_version               endpoint_mac_address
----------------------------------  ----------------------
Posture Agent for Windows 5.1.2.42  00:50:56:8E:25:BB
Posture Agent for Windows 5.1.2.42  00:50:56:8E:39:CC
Posture Agent for Windows 5.1.2.42  00:50:56:8E:24:79
Posture Agent for Windows 5.1.3.62  54:AF:97:D6:A7:3B
Posture Agent for Windows 5.1.3.62  00:50:56:8E:25:BB

You could add additional columns for the endpoint_operating_system, posture_status, system_name, system_user, username, and more.

There is no attribute that I can find for the compliance module version. Submit an ISE Wish (cs.co/ise-wish) for that.
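
Added example, not part of the original post and not code from iseql.py: the DISTINCT query above returns one row per agent version an endpoint has ever reported (00:50:56:8E:25:BB appears under both 5.1.2.42 and 5.1.3.62), so this Python post-processing step keeps the highest version per MAC address and splits endpoints into 4.x and 5.x. The last sample row is constructed, and treating the highest version seen as the installed one is an assumption.

```python
import re
from collections import Counter

# Rows as returned by the query above: (posture_agent_version, endpoint_mac_address).
# The first five come from the output shown in the post; the last row (MAC and
# 4.x version string) is constructed for illustration.
ROWS = [
    ("Posture Agent for Windows 5.1.2.42", "00:50:56:8E:25:BB"),
    ("Posture Agent for Windows 5.1.2.42", "00:50:56:8E:39:CC"),
    ("Posture Agent for Windows 5.1.2.42", "00:50:56:8E:24:79"),
    ("Posture Agent for Windows 5.1.3.62", "54:AF:97:D6:A7:3B"),
    ("Posture Agent for Windows 5.1.3.62", "00:50:56:8E:25:BB"),
    ("Posture Agent for Windows 4.10.8.29", "02:00:00:00:00:01"),  # constructed
]

VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)\s*$")  # trailing dotted version number

def parse_version(agent):
    """Return the trailing version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(agent or "")
    return tuple(int(p) for p in match.group(1).split(".")) if match else None

def newest_per_endpoint(rows):
    """Map each MAC to the highest agent version it has reported.
    Assumption: the highest version seen is the one currently installed."""
    newest = {}
    for agent, mac in rows:
        version = parse_version(agent)
        if not mac or version is None:
            continue
        key = mac.strip().upper().replace("-", ":")
        if key not in newest or version > newest[key]:
            newest[key] = version
    return newest

def summarize(rows):
    """Count endpoints per agent family (major version 4 or 5)."""
    names = {4: "AnyConnect 4.x", 5: "Secure Client 5.x"}
    return Counter(names.get(v[0], f"other {v[0]}.x")
                   for v in newest_per_endpoint(rows).values())

def outdated(rows, minimum):
    """Return sorted MACs whose newest agent version is below `minimum`."""
    return sorted(m for m, v in newest_per_endpoint(rows).items() if v < minimum)

if __name__ == "__main__":
    print(dict(summarize(ROWS)))
    print(outdated(ROWS, (5, 1, 3, 62)))
```
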

Arne Bier
VIP

@thomas you are our API champion!  Thanks - I think I will start using this in my customer setups as an auditing tool - using python for the ODBC interface is super cool.

Yeah, I see a lot of custom reporting questions which is why we created the Data Connect feature in the first place.

It's so much faster than REST APIs, too, especially with more than a few hundred objects.

You can see how I used it in

How to Get Data Out of ISE 2024-04-02

48:32 ISE Data Connect

52:07: Demo: ISE Data Connect SQL Queries

iseql.py --help
iseql.py "SELECT view_name FROM user_views ORDER BY view_name ASC"
iseql.py "SELECT view_name FROM RADIUS_ACCOUNTING"
iseql.py "SELECT status,username,is_admin,password_never_expires FROM network_access_users"
iseql.py "select  location, sum(passed_count) as passed, sum(failed_count) as failed, sum(passed_count) + sum(failed_count) as total, round(to_char(((sum(failed_count) / (sum(passed_count) + sum(failed_count))) * 100)), 2) as failed_percentage, round(to_char(sum(total_response_time)/(sum(passed_count) + sum(failed_count))), 2) as total_response_time, max(max_response_time) as max_response_time from radius_authentication_summary group by location"

I also created a script ise-dc-enable.py to help you quickly enable Data Connect on ISE via REST APIs.

Hey Thomas,

I like the SQL examples because I did one term of SQL in my undergrad. Many many many years ago. I never really got the hang of it, especially when dealing with all those complex inner/outer joins. Do you have any useful SQL guides you recommend for networking engineers?

You can take a look at the examples and how to connect to ISE using SQLDeveloper and use simple queries.

Demo: Sample SQL Queries

You could make use of the Posture_Assessment_by_endpoint table. The query below can give you unique users, devices, operating systems and agent versions.

select Distinct Username, Endpoint_Mac_Address,Endpoint_Operating_System, Posture_agent_version from Posture_Assessment_by_endpoint;