
List endpoints with an assigned SGT through API

Chess Norris
Level 4

Hi,

In our rapid threat containment setup with Firepower and ISE, we assign a specific SGT when endpoints get quarantined.

We are trying to find a way to list all endpoints that are quarantined. Since the clients are assigned a specific tag, I am looking for a way to list all clients with this tag through the REST API. The quarantined client also gets a unique authorization profile assigned to them, so another possible way would be to list which clients are using this specific authorization profile.

Anyone know if this is possible?

 

Thanks

/Jorgen

1 Accepted Solution

Accepted Solutions

Mike.Cifelli
VIP Alumni
Just tested this and it works with curl. I assume you would want to automate in a Python script etc. But here is the basic principle:

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user {} --request GET https://{ISEPan}:9060/ers/config/ancendpoint

Good luck & HTH!

2 Replies 2

Thanks, I will test this as soon as I have access to the ISE server again.

I found an alternative method to get the SGT as well, using the following pxGrid API call - https://<ise name>:8910/pxgrid/mnt/sd/getSessions/

This will give a lot of endpoint information including the SGT. (see example of the output below)

 

            "timestamp": "2019-08-19T15:28:07.451+02:00",
            "state": "STARTED",
            "callingStationId": "00:21:CC:C4:2B:58",
            "calledStationId": "00:CC:FC:43:52:20",
            "auditSessionId": "0000000000001532311AD9BE",
            "ipAddresses": [
                "10.139.120.100"
            ],
            "macAddress": "00:21:CC:C4:2B:58",
            "nasIpAddress": "10.139.0.168",
            "nasPortId": "GigabitEthernet1/0/32",
            "nasPortType": "Ethernet",
            "endpointProfile": "Windows7-Workstation",
            "endpointOperatingSystem": "Windows 7 Enterprise",
            "ctsSecurityGroup": "SGT_QUARANTINE",
            "providers": [
                "None"

 

Best regards

/Jorgen
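
The filtering step that the getSessions approach above still needs, as an added Python example (not code from either poster or from Cisco). It assumes the response wraps the session objects in a top-level "sessions" list and treats sessions in state DISCONNECTED as stale; the function name is hypothetical and every session in the sample after the first is constructed.

```python
import json

# Constructed sample: the first session reuses fields from the output quoted
# above; the other three are made up. The "sessions" wrapper is an assumption.
SAMPLE_RESPONSE = json.loads("""
{"sessions": [
  {"state": "STARTED", "macAddress": "00:21:CC:C4:2B:58",
   "ipAddresses": ["10.139.120.100"], "nasIpAddress": "10.139.0.168",
   "nasPortId": "GigabitEthernet1/0/32", "ctsSecurityGroup": "SGT_QUARANTINE"},
  {"state": "STARTED", "macAddress": "00:00:5E:00:53:01",
   "ipAddresses": ["10.139.120.101"], "nasIpAddress": "10.139.0.168",
   "nasPortId": "GigabitEthernet1/0/33", "ctsSecurityGroup": "SGT_EMPLOYEE"},
  {"state": "DISCONNECTED", "macAddress": "00:00:5e:00:53:02",
   "ipAddresses": ["10.139.120.102"], "nasIpAddress": "10.139.0.168",
   "nasPortId": "GigabitEthernet1/0/34", "ctsSecurityGroup": "SGT_QUARANTINE"},
  {"state": "AUTHENTICATED", "macAddress": "00:00:5E:00:53:03",
   "ipAddresses": [], "nasIpAddress": "10.139.0.168",
   "nasPortId": "GigabitEthernet1/0/35"}
]}
""")


def quarantined_endpoints(response, sgt="SGT_QUARANTINE", include_disconnected=False):
    """Return one row per MAC address whose session carries the given SGT."""
    rows = {}
    for session in response.get("sessions", []):
        # Sessions that were never tagged have no ctsSecurityGroup key at all.
        if session.get("ctsSecurityGroup") != sgt:
            continue
        # A disconnected session keeps its last tag; skip it unless asked.
        if session.get("state") == "DISCONNECTED" and not include_disconnected:
            continue
        mac = (session.get("macAddress") or session.get("callingStationId") or "").upper()
        if not mac:
            continue
        rows[mac] = {
            "mac": mac,
            "ips": session.get("ipAddresses", []),
            "switch": session.get("nasIpAddress"),
            "port": session.get("nasPortId"),
        }
    return sorted(rows.values(), key=lambda row: row["mac"])


if __name__ == "__main__":
    for row in quarantined_endpoints(SAMPLE_RESPONSE):
        print(row["mac"], ",".join(row["ips"]), row["switch"], row["port"])
```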