cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
353
Views
0
Helpful
2
Replies

How to get report or fetch data using REST API call in ISE

euahmed
Level 1
Level 1

Dear All , 

As I have been trying to get report and fetch data using GET REST call for certain number of external identity group in my existing policy sets in ISE cluster . 

I have more than 50 device policy sets in the configuration and I have applied different external identify group as a authorization rule condition for those policy . 

I am trying to get get data how many policy set is matching with  those certain number of external identify group using REST API call .

Please can anyone share Postman script or python script as a reference to check all policy which is matching external identify groups . 

It would be highly appreciated if you share your valuable inputs . 

With regards 

Erfan

 

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

There are several parts to this:

  1. Get all of the ISE Policy Sets
  2. Get all of the Authorization Rules for each Policy Set
  3. Filter the list of all Authorization Rules that match some Identity Group (I assume this is in the rule name)

To get a list of all Network Access Policy Sets use the ISE Policy API:

 

curl  --insecure  --location \
  --header 'Accept: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set?&page=1&size=100"

 

Note the use of query parameters &page=1 and &size=100. The default page size is only 10 so using the default you would need to call &page=1 then &page=2... until you got all 50 (or more). Using &size=100 minimizes the number of pages to fetch - only 1 in your situation.

To get a list of all Network Access Policy Sets use the ISE Policy API's Authorization Rules and note that you must provide the policyId of the parent Policy Set from the list of Policy Set id's retrieved above. Yes, at least 50 times for all of your policy sets!

 

curl  --include  --insecure  --location \
  --header 'Accept: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set/{policyId}/authentication?&size=100"

 

Again, I always increase the &size option to the max for efficiency. You may need to do this for multiple pages if you have >100 Authorization Rules.

How you parse the resulting JSON, filter, and stitch it all back together into whatever desired form you have is up to you and your scripting skills. There are many ways to do this but this will get you the data you need to start.

To understand everything I covered here in more detail, watch some of our ISE Webinars on APIs :

2024-08-06 ▷ISE API and Automation Setup
2022-10-06 ▷ Practical ISE Automation with Ansible
2022-10-04 ▷ ISE REST APIs Introduction
2021-07-06 ▷ ISE 3.1 APIs, Ansible, and Automation
2021-04-06 ▷ ISE REST APIs

https://cs.co/ise-berg#api

 

 

 

 

View solution in original post

2 Replies 2

thomas
Cisco Employee
Cisco Employee

There are several parts to this:

  1. Get all of the ISE Policy Sets
  2. Get all of the Authorization Rules for each Policy Set
  3. Filter the list of all Authorization Rules that match some Identity Group (I assume this is in the rule name)

To get a list of all Network Access Policy Sets use the ISE Policy API:

 

curl  --insecure  --location \
  --header 'Accept: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set?&page=1&size=100"

 

Note the use of query parameters &page=1 and &size=100. The default page size is only 10 so using the default you would need to call &page=1 then &page=2... until you got all 50 (or more). Using &size=100 minimizes the number of pages to fetch - only 1 in your situation.

To get a list of all Network Access Policy Sets use the ISE Policy API's Authorization Rules and note that you must provide the policyId of the parent Policy Set from the list of Policy Set id's retrieved above. Yes, at least 50 times for all of your policy sets!

 

curl  --include  --insecure  --location \
  --header 'Accept: application/json' \
  --user $ISE_REST_USERNAME:$ISE_REST_PASSWORD  \
  --request GET "https://$ISE_PPAN/api/v1/policy/network-access/policy-set/{policyId}/authentication?&size=100"

 

Again, I always increase the &size option to the max for efficiency. You may need to do this for multiple pages if you have >100 Authorization Rules.

How you parse the resulting JSON, filter, and stitch it all back together into whatever desired form you have is up to you and your scripting skills. There are many ways to do this but this will get you the data you need to start.

To understand everything I covered here in more detail, watch some of our ISE Webinars on APIs :

2024-08-06 ▷ISE API and Automation Setup
2022-10-06 ▷ Practical ISE Automation with Ansible
2022-10-04 ▷ ISE REST APIs Introduction
2021-07-06 ▷ ISE 3.1 APIs, Ansible, and Automation
2021-04-06 ▷ ISE REST APIs

https://cs.co/ise-berg#api

 

 

 

 

Hi @thomas ,

Thanks for your valuable inputs . 

I will try to follow your scripts which you shared and will let you know update.

On the other hand , thanks for sharing all webinar on ISE API . 

with regards 

Erfan