05-06-2022 07:39 AM
Hi-
I am looking for the ISE API call to get the endpoint IDs that are members of a particular endpoint identity group. I have the group ID. I can't find the right call....
05-06-2022 09:21 AM
Wes, the ISE APIs are documented @ https://cs.co/ise-api.
There is an area called Getting Started with a page Reading a Resource that has a section Adding Filters which describes the Filter syntax which can be combined with Paging and Sorting.
First, let us view the first page of Endpoint Identity Groups (up to 20 per page, by default) including their IDs:
curl \
--insecure \
--location \
--silent \
--header 'Accept: application/json' \
--user $ise_rest_username:$ise_rest_password \
--request GET https://$ise_hostname/ers/config/endpointgroup\?size\=100 \
| jq -C '.[].resources[] | [.id,.name,.description ] | join(" | ")'
"38a73670-8c00-11e6-996c-525400b48521 | Sony-Device | Identity Group for Profile: Sony-Device"
"1e2700a0-8c00-11e6-996c-525400b48521 | Cisco-Meraki-Device | Identity Group for Profile: Cisco-Meraki-Device"
"0a4a50f0-8c00-11e6-996c-525400b48521 | Apple-iDevice | Identity Group for Profile: Apple-iDevice"
"0cc7ad00-8c00-11e6-996c-525400b48521 | BlackBerry | Identity Group for Profile: BlackBerry"
"ffa36b00-8bff-11e6-996c-525400b48521 | Android | Identity Group for Profile: Android"
"0c4eac70-8c00-11e6-996c-525400b48521 | Axis-Device | Identity Group for Profile: Axis-Device"
"2b07d100-8c00-11e6-996c-525400b48521 | Juniper-Device | Identity Group for Profile: Juniper-Device"
"22c6c780-8c00-11e6-996c-525400b48521 | Epson-Device | Identity Group for Profile: Epson-Device"
"aa10ae00-8bff-11e6-996c-525400b48521 | Profiled | Profiled Identity Group"
"aa000c30-8bff-11e6-996c-525400b48521 | Blocked List | Blocked List Identity Group"
"aa178bd0-8bff-11e6-996c-525400b48521 | GuestEndpoints | Guest Endpoints Identity Group"
"3a1b38d0-8c00-11e6-996c-525400b48521 | Synology-Device | Identity Group for Profile: Synology-Device"
"a4cd21c0-fd75-11eb-b43c-ba8c06185168 | OS_X_BigSur-Workstation | Identity Group for Profile: OS_X_BigSur-Workstation"
"3b113190-8c00-11e6-996c-525400b48521 | Vizio-Device | Identity Group for Profile: Vizio-Device"
"3a88eec0-8c00-11e6-996c-525400b48521 | Trendnet-Device | Identity Group for Profile: Trendnet-Device"
"aa13bb40-8bff-11e6-996c-525400b48521 | RegisteredDevices | Asset Registered Endpoints Identity Group"
"4ea2a450-5c7a-11ec-a6b9-ce11946aeeed | Windows11-Workstation | Identity Group for Profile: Windows11-Workstation"
"14f5cac0-8c00-11e6-996c-525400b48521 | Cisco-IP-Phone | Identity Group for Profile: Cisco-IP-Phone"
"aa0e8b20-8bff-11e6-996c-525400b48521 | Unknown | Unknown Identity Group"
"3b76f840-8c00-11e6-996c-525400b48521 | Workstation | Identity Group for Profile: Workstation"
Now let's say we want the Cisco-IP-Phone endpoints with group ID 14f5cac0-8c00-11e6-996c-525400b48521.
If you look at the structure of an endpoint object (this one is a printer), the attribute for the Endpoint Identity Group is groupId:
curl \
--insecure \
--location \
--silent \
--header 'Accept: application/json' \
--user $ise_rest_username:$ise_rest_password \
--request GET https://$ise_hostname/ers/config/endpoint/0e436440-cd53-11ec-bf2c-8220985ab925
{
  "ERSEndPoint" : {
    "id" : "0e436440-cd53-11ec-bf2c-8220985ab925",
    "name" : "00:00:AA:C0:93:18",
    "description" : "Epson Printer",
    "mac" : "00:00:AA:C0:93:18",
    "profileId" : "44031480-8c00-11e6-996c-525400b48521",
    "staticProfileAssignment" : false,
    "staticProfileAssignmentDefined" : true,
    "groupId" : "22c6c780-8c00-11e6-996c-525400b48521",
    "staticGroupAssignment" : true,
    "staticGroupAssignmentDefined" : true,
    "portalUser" : "",
    "identityStore" : "",
    "identityStoreId" : "",
    "link" : {
      "rel" : "self",
      "href" : "https://198.18.133.27/ers/config/endpoint/0e436440-cd53-11ec-bf2c-8220985ab925",
      "type" : "application/json"
    }
  }
}
We can run a query against the endpoints using the groupId attribute matching the Endpoint Group ID for our Cisco-IP-Phones:
curl \
--insecure \
--location \
--silent \
--header 'Accept: application/json' \
--user $ise_rest_username:$ise_rest_password \
--request GET https://$ise_hostname/ers/config/endpoint\?\&filter\=groupId.EQ.14f5cac0-8c00-11e6-996c-525400b48521 \
| jq -C '.[].resources[] | [.id,.name,.description ] | join(" | ")'
"0b36e790-cd53-11ec-bf2c-8220985ab925 | 00:11:BB:EF:EE:66 | IP Phone"
"0bdc7660-cd53-11ec-bf2c-8220985ab925 | 00:11:BB:5F:C4:28 | IP Phone"
"0c811ad0-cd53-11ec-bf2c-8220985ab925 | 00:11:BB:9E:57:BC | IP Phone"
8-)
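The groupId filter from the answer above, as an added Python example (not part of the original post and not Cisco's code) that keeps certificate verification on instead of using --insecure and follows paging until the group is exhausted. It assumes the ERS SearchResult carries a nextPage.href link when more pages exist; the host name ise.example.test, the function names and the two-page sample are constructed for illustration.

```python
import base64, json, ssl
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request, urlopen

def ers_fetcher(username, password, ca_file=None):
    """fetch(url) -> dict, with certificate verification left on (no --insecure)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # ca_file: PEM of the CA that signed the ISE cert
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Accept": "application/json", "Authorization": f"Basic {token}"}
    def fetch(url):
        with urlopen(Request(url, headers=headers), context=ctx, timeout=30) as resp:
            return json.load(resp)
    return fetch

def endpoints_in_group(fetch, hostname, group_id, size=100):
    """Yield (id, name, description) for every endpoint in the group, across all pages."""
    query = urlencode({"filter": f"groupId.EQ.{group_id}", "size": size, "page": 1})
    url, seen = f"https://{hostname}/ers/config/endpoint?{query}", set()
    while url and url not in seen:          # 'seen' stops a repeating nextPage link
        seen.add(url)
        result = fetch(url)["SearchResult"]
        for r in result.get("resources", []):
            yield r["id"], r["name"], r.get("description", "")
        nxt = result.get("nextPage", {}).get("href")
        # nextPage may name the node by IP (as the href in the output above does);
        # keep the configured host so credentials go only to the name being verified.
        url = urlsplit(nxt)._replace(scheme="https", netloc=hostname).geturl() if nxt else None

# Constructed two-page SearchResult, reusing the three phones listed above.
GROUP = "14f5cac0-8c00-11e6-996c-525400b48521"
_NEXT = f"https://198.18.133.27/ers/config/endpoint?filter=groupId.EQ.{GROUP}&size=2&page=2"
SAMPLE_PAGES = {
    "1": {"SearchResult": {"total": 3, "nextPage": {"rel": "next", "href": _NEXT}, "resources": [
        {"id": "0b36e790-cd53-11ec-bf2c-8220985ab925", "name": "00:11:BB:EF:EE:66", "description": "IP Phone"},
        {"id": "0bdc7660-cd53-11ec-bf2c-8220985ab925", "name": "00:11:BB:5F:C4:28", "description": "IP Phone"}]}},
    "2": {"SearchResult": {"total": 3, "resources": [
        {"id": "0c811ad0-cd53-11ec-bf2c-8220985ab925", "name": "00:11:BB:9E:57:BC", "description": "IP Phone"}]}},
}
REQUESTED = []

def sample_fetch(url):
    """Offline stand-in for ers_fetcher(): serves SAMPLE_PAGES and records each URL."""
    REQUESTED.append(url)
    return SAMPLE_PAGES[parse_qs(urlsplit(url).query)["page"][0]]

if __name__ == "__main__":
    for row in endpoints_in_group(sample_fetch, "ise.example.test", GROUP, size=2):
        print(" | ".join(row))
```

Against a live node, pass ers_fetcher(username, password, ca_file) in place of sample_fetch.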
05-06-2022 11:05 AM
Exactly what I was looking for - thanks so much!
04-18-2023 09:36 AM
Seems in ISE 2.7 this does not work because:
GET https://$ise_hostname/ers/config/endpoint
does not include the groupId in the endpoint dict?
it only shows: