Solved: ISE API for posture related activities

dngore · ‎05-30-2018

Hi,

We are deploying ISE 2.4 with Anyconnect 4.6.

Customer is developing software tool for automatic remediation.

They want to know whether ISE supports posture related APIs so that upon each posture failed condition on every endpoint, ISE will inform software tool about posture failed condition along with endpoint information like hostname etc. This will trigger software tool to initiate remediation action.

I wen through ISE API reference guide Release 2.x but could not find information on above topic.

Craig Hyps · ‎05-30-2018

We don't alarm on posture failure and ERS API is not an outbound function. As Jason noted, you can trigger off syslog, or use intermediate logger trigger response based on syslog.

pxGrid is an API of sorts, and that can provide a streamlined method to communicate posture status via Session topic. You could have application subscribe to Session topic and process updates as they occur.

We do have the REST Monitoring API which can be used to retrieve session status, but that would not be very efficient to continually query MnT. pxGrid would be the more efficient method.

View solution in original post

Jason Kunst · ‎05-30-2018

I will investigate but likely not something available as you stated.

For now customer could parse the syslog sent to external system as a possibility.

Craig Hyps · ‎05-30-2018

We don't alarm on posture failure and ERS API is not an outbound function. As Jason noted, you can trigger off syslog, or use intermediate logger trigger response based on syslog.

pxGrid is an API of sorts, and that can provide a streamlined method to communicate posture status via Session topic. You could have application subscribe to Session topic and process updates as they occur.

We do have the REST Monitoring API which can be used to retrieve session status, but that would not be very efficient to continually query MnT. pxGrid would be the more efficient method.