How to Get all Endpoints from ISE

AimanZaid13934 · ‎03-30-2021

Hi,

I would like to enquire on REST API ability to get details such as (' IP' , 'host-name' , 'MAC-address' , 'operating-system')

Is there a way that I can get all of those using the API. As far as I've tested, only 'MAC-address' can be obtained through the API. Besides, it will be such a hassle since the API has limited output per commands. For eg. Get_Endpoints() can get up to 100-200 MAC address per execution. My Endpoints has currently over 20000 Endpoints.

thomas · ‎03-31-2021

No REST API for all endpoints, only Active Endpoints the MNT REST APIs (https://cs.co/ise-api)

How to Get all Endpoints from ISE

SSH to ISE and run 'application configure ise'

ise/admin# application configure ise

Selection configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Enable/Disable Counter Attribute Collection
[15]View Admin Users
[16]Get all Endpoints
[17]Enable/Disable Wifi Setup
[18]Reset Config Wifi Setup
[19]Establish Trust with controller
[20]Reset Context Visibility
[21]Synchronize Context Visibility With Database
[22]Generate Heap Dump
[23]Generate Thread Dump
[24]Force Backup Cancellation
[25]CleanUp ESR 5921 IOS Crash Info Files
[0]Exit

16
Starting to generate All Endpoints report
Copying files to /localdisk
Completed generating All Endpoints report. You can find details in following files located under /localdisk
FullReport_23-Dec-2019.csv

Selection configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Enable/Disable Counter Attribute Collection
[15]View Admin Users
[16]Get all Endpoints
[17]Enable/Disable Wifi Setup
[18]Reset Config Wifi Setup
[19]Establish Trust with controller
[20]Reset Context Visibility
[21]Synchronize Context Visibility With Database
[22]Generate Heap Dump
[23]Generate Thread Dump
[24]Force Backup Cancellation
[25]CleanUp ESR 5921 IOS Crash Info Files
[0]Exit

0
ise/admin#

Copy to an S/FTP Server

ise/admin# dir
Directory of disk:/
    44251 Dec 23 2019 17:40:00 FullReport_23-Dec-2019.csv
    ...

ise/admin# copy disk:/FullReport_23-Dec-2019.csv ftp://198.18.133.36/
Username: admin
Password:
ise/admin#

Endpoint Data

You will find many columns (238!) of data about your endpoints:

MACAddress
ip
FQDN
host-name
IdentityGroup
MatchedPolicy
OUI
dhcp-user-class-identifier
dhcp-class-identifier
dhcp-user-class-id
dhcp-parameter-request-list
User-Agent
User-Name
Description
description
ElapsedDays
InactiveDays
Called-Station-ID
NAS-Port-Type
NADAddress
AAA-Server
BYODRegistration
Calling-Station-ID
User-Fetch-User-Name
Certificate Expiration Date
Certificate Issue Date
Certificate Issuer Name
Certificate Serial Number
DestinationIPAddress
Device Identifier
Device Name
DeviceRegistrationStatus
EndPointPolicy
EndPointPolicyID
EndPointProfilerServer
EndPointSource
FirstCollection
FirstCollectionLong
Framed-IP-Address
IdentityGroupID
IdentityStoreGUID
IdentityStoreName
L4_DST_PORT
LastNmapScanTime
MDMCompliant
MDMCompliantFailureReason
MDMDiskEncrypted
MDMEnrolled
MDMImei
MDMJailBroken
MDMManufacturer
MDMModel
MDMOSVersion
MDMPhoneNumber
MDMPinLockSet
MDMProvider
MDMSerialNumber
MDMUpdateTime
MDMServerReachable
MDMServerID
PhoneID
PhoneIDType
PreviousDeviceRegistrationStatus
MatchedPolicyID
NAS-IP-Address
NAS-Port-Id
NmapScanCount
NmapSubnetScanID
OS Version
PolicyVersion
PortalUser
PostureApplicable
PostureOS
PostureFailureReason
Product
RegistrationTimeStamp
SSID
StaticAssignment
StaticGroupAssignment
TimeToProfile
Total Certainty Factor
cdpCacheAddress
cdpCacheCapabilities
cdpCacheDeviceId
cdpCachePlatform
cdpCacheVersion
ciaddr
dhcp-requested-address
hrDeviceDescr
ifIndex
iotAssetRetrievedFrom
iotAssetDeviceType
iotAssetProductName
iotAssetVendorID
iotAssetProductCode
iotAssetSerialNumber
iotAssetTrustLevel
lldpCacheCapabilities
lldpCapabilitiesMapSupported
lldpSystemDescription
operating-system
sysDescr
161-udp
AUPAccepted
LastAUPAccepted
UpdateTime
UpdateTimeLong
CreateTime
CacheUpdateTime
AC_User_Agent
UniqueSubjectID
AD-Operating-System
AD-OS-Version
AD-Service-Pack
AD-Host-Exists
AD-Join-Point
AD-Last-Fetch-Time
AD-Fetch-Host-Name
operating-system-result
IsRegistered
User-Fetch-First-Name
User-Fetch-Email
User-Fetch-Last-Name
User-Fetch-Department
User-Fetch-Telephone
User-Fetch-Job-Title
User-Fetch-Organizational-Unit
User-Fetch-CountryName
User-Fetch-LocalityName
User-Fetch-StateOrProvinceName
User-Fetch-StreetAddress
User-Fetch-PassiveID-Username
LastActivity
LastActivityLong
User-Name
515-tcp
9100-tcp
ADDomain
Airespace-Wlan-Id
AllowedProtocolMatchedRule
AuthState
AuthenticationIdentityStore
AuthenticationMethod
AuthorizationPolicyMatchedRule
DestinationPort
DetailedInfo
Device IP Address
Device Port
Device Type
DeviceCompliance
EapAuthentication
EapChainingResult
EapTunnel
EndPointMACAddress
FailureReason
IdentityPolicyMatchedRule
IssuedPacInfo
L4_SRC_PORT
LastAUPAcceptanceHours
Location
LogicalProfile
MACAddress
MDMMeid
MDMServerName
MDMUdid
MessageCode
NAS-Identifier
NAS-Port
NetworkDeviceGroups
NetworkDeviceName
OperatingSystem
PROTOCOL
PortalUser.CreationType
PostureAssessmentStatus
PostureStatus
RadiusPacketType
SelectedAccessService
SelectedAuthenticationIdentityStores
SelectedAuthorizationProfiles
Service-Type
UserType
Vlan
VlanName
active
authStatus
byodRegistration
chaddr
client-fqdn
customAttrCount
device-platform
device-platform-version
device-type
deviceRegistrationStatus
dhcp-client-identifier
dhcp-message-type
dhcpv6-vendor-class
enabledMDM
endpointProfilerServer
errorMessage
fileImportErrorMessage
fileImportStatus
flags
giaddr
h323DeviceName
h323DeviceVendor
h323DeviceVersion
hlen
hostName
htype
identityGroup
ipAddr
ipv6
isMDMEnrolled
lldpChassisId
lldpSystemName
macAddress
mdmServerName
mdns_VSM_class_identifier
mdns_VSM_srv_identifier
mdns_VSM_txt_identifier
name
nasIPAddress
nasPort
nativeDeviceIdentifier
nativeMDM
op
oui
policyName
portalUser
sipDeviceName
sipDeviceVendor
sipDeviceVersion
staticEndpoint
staticGroupEndpoint
sysContact
sysLocation
sysName
yiaddr

View solution in original post

Mike.Cifelli · ‎03-30-2021

I would suggest taking a peek at the online SDK via https://<isepan>:9060/ers/sdk#

Also, have a look into the MNT APIs as they may be able to meet your desires: Cisco Identity Services Engine API Reference Guide, Release 2.x - Introduction to the Monitoring REST APIs [Cisco Identity Services Engine] - Cisco

I do know there are a few APIs that will return a bit more information when using the endpoint ID string:

1: GET endpoint ID by filter on MAC:

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user:pass> --request GET https://<isepan>:9060/ers/config/endpoint?filter=mac.EQ.XX:XX:XX:XX:XX

Then the following will return info such as: name, mac, profile id, etc.

 curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user:pass> --request GET https://<isepan>:9060/ers/config/endpoint/1324c060-9093-11eb-9962-c63c5470e9ab

Good luck & HTH!

AimanZaid13934 · ‎03-31-2021

Hi Mike,

I’ve tried to look deep into the documentation. It does not have the required attributes such as I’ve mentioned which is ip, host-name, mac-address, operating-system.

Does REST API have limited capabilities on extracting the attributes above ?

I’ve also tried to extract based on the commands that you gave. It still does not return the values that I need. Only mac-address is returned. And that also is limited to 200 per requests as I have around 20000 endpoints data need to collect. That will be such a hassle isn’t it if I need to run the command few times.

Regards,

aiman

ggmeza · ‎04-27-2022

Hi, once I found the mac address, How can I move the endpoint from one group to another? does exist any api call to do this? And may I loss any log associated with the endpoint?

Thanks.

thomas · ‎03-31-2021

No REST API for all endpoints, only Active Endpoints the MNT REST APIs (https://cs.co/ise-api)

How to Get all Endpoints from ISE

SSH to ISE and run 'application configure ise'

ise/admin# application configure ise

Selection configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Enable/Disable Counter Attribute Collection
[15]View Admin Users
[16]Get all Endpoints
[17]Enable/Disable Wifi Setup
[18]Reset Config Wifi Setup
[19]Establish Trust with controller
[20]Reset Context Visibility
[21]Synchronize Context Visibility With Database
[22]Generate Heap Dump
[23]Generate Thread Dump
[24]Force Backup Cancellation
[25]CleanUp ESR 5921 IOS Crash Info Files
[0]Exit

16
Starting to generate All Endpoints report
Copying files to /localdisk
Completed generating All Endpoints report. You can find details in following files located under /localdisk
FullReport_23-Dec-2019.csv

Selection configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Enable/Disable Counter Attribute Collection
[15]View Admin Users
[16]Get all Endpoints
[17]Enable/Disable Wifi Setup
[18]Reset Config Wifi Setup
[19]Establish Trust with controller
[20]Reset Context Visibility
[21]Synchronize Context Visibility With Database
[22]Generate Heap Dump
[23]Generate Thread Dump
[24]Force Backup Cancellation
[25]CleanUp ESR 5921 IOS Crash Info Files
[0]Exit

0
ise/admin#

Copy to an S/FTP Server

ise/admin# dir
Directory of disk:/
    44251 Dec 23 2019 17:40:00 FullReport_23-Dec-2019.csv
    ...

ise/admin# copy disk:/FullReport_23-Dec-2019.csv ftp://198.18.133.36/
Username: admin
Password:
ise/admin#

Endpoint Data

You will find many columns (238!) of data about your endpoints:

MACAddress
ip
FQDN
host-name
IdentityGroup
MatchedPolicy
OUI
dhcp-user-class-identifier
dhcp-class-identifier
dhcp-user-class-id
dhcp-parameter-request-list
User-Agent
User-Name
Description
description
ElapsedDays
InactiveDays
Called-Station-ID
NAS-Port-Type
NADAddress
AAA-Server
BYODRegistration
Calling-Station-ID
User-Fetch-User-Name
Certificate Expiration Date
Certificate Issue Date
Certificate Issuer Name
Certificate Serial Number
DestinationIPAddress
Device Identifier
Device Name
DeviceRegistrationStatus
EndPointPolicy
EndPointPolicyID
EndPointProfilerServer
EndPointSource
FirstCollection
FirstCollectionLong
Framed-IP-Address
IdentityGroupID
IdentityStoreGUID
IdentityStoreName
L4_DST_PORT
LastNmapScanTime
MDMCompliant
MDMCompliantFailureReason
MDMDiskEncrypted
MDMEnrolled
MDMImei
MDMJailBroken
MDMManufacturer
MDMModel
MDMOSVersion
MDMPhoneNumber
MDMPinLockSet
MDMProvider
MDMSerialNumber
MDMUpdateTime
MDMServerReachable
MDMServerID
PhoneID
PhoneIDType
PreviousDeviceRegistrationStatus
MatchedPolicyID
NAS-IP-Address
NAS-Port-Id
NmapScanCount
NmapSubnetScanID
OS Version
PolicyVersion
PortalUser
PostureApplicable
PostureOS
PostureFailureReason
Product
RegistrationTimeStamp
SSID
StaticAssignment
StaticGroupAssignment
TimeToProfile
Total Certainty Factor
cdpCacheAddress
cdpCacheCapabilities
cdpCacheDeviceId
cdpCachePlatform
cdpCacheVersion
ciaddr
dhcp-requested-address
hrDeviceDescr
ifIndex
iotAssetRetrievedFrom
iotAssetDeviceType
iotAssetProductName
iotAssetVendorID
iotAssetProductCode
iotAssetSerialNumber
iotAssetTrustLevel
lldpCacheCapabilities
lldpCapabilitiesMapSupported
lldpSystemDescription
operating-system
sysDescr
161-udp
AUPAccepted
LastAUPAccepted
UpdateTime
UpdateTimeLong
CreateTime
CacheUpdateTime
AC_User_Agent
UniqueSubjectID
AD-Operating-System
AD-OS-Version
AD-Service-Pack
AD-Host-Exists
AD-Join-Point
AD-Last-Fetch-Time
AD-Fetch-Host-Name
operating-system-result
IsRegistered
User-Fetch-First-Name
User-Fetch-Email
User-Fetch-Last-Name
User-Fetch-Department
User-Fetch-Telephone
User-Fetch-Job-Title
User-Fetch-Organizational-Unit
User-Fetch-CountryName
User-Fetch-LocalityName
User-Fetch-StateOrProvinceName
User-Fetch-StreetAddress
User-Fetch-PassiveID-Username
LastActivity
LastActivityLong
User-Name
515-tcp
9100-tcp
ADDomain
Airespace-Wlan-Id
AllowedProtocolMatchedRule
AuthState
AuthenticationIdentityStore
AuthenticationMethod
AuthorizationPolicyMatchedRule
DestinationPort
DetailedInfo
Device IP Address
Device Port
Device Type
DeviceCompliance
EapAuthentication
EapChainingResult
EapTunnel
EndPointMACAddress
FailureReason
IdentityPolicyMatchedRule
IssuedPacInfo
L4_SRC_PORT
LastAUPAcceptanceHours
Location
LogicalProfile
MACAddress
MDMMeid
MDMServerName
MDMUdid
MessageCode
NAS-Identifier
NAS-Port
NetworkDeviceGroups
NetworkDeviceName
OperatingSystem
PROTOCOL
PortalUser.CreationType
PostureAssessmentStatus
PostureStatus
RadiusPacketType
SelectedAccessService
SelectedAuthenticationIdentityStores
SelectedAuthorizationProfiles
Service-Type
UserType
Vlan
VlanName
active
authStatus
byodRegistration
chaddr
client-fqdn
customAttrCount
device-platform
device-platform-version
device-type
deviceRegistrationStatus
dhcp-client-identifier
dhcp-message-type
dhcpv6-vendor-class
enabledMDM
endpointProfilerServer
errorMessage
fileImportErrorMessage
fileImportStatus
flags
giaddr
h323DeviceName
h323DeviceVendor
h323DeviceVersion
hlen
hostName
htype
identityGroup
ipAddr
ipv6
isMDMEnrolled
lldpChassisId
lldpSystemName
macAddress
mdmServerName
mdns_VSM_class_identifier
mdns_VSM_srv_identifier
mdns_VSM_txt_identifier
name
nasIPAddress
nasPort
nativeDeviceIdentifier
nativeMDM
op
oui
policyName
portalUser
sipDeviceName
sipDeviceVendor
sipDeviceVersion
staticEndpoint
staticGroupEndpoint
sysContact
sysLocation
sysName
yiaddr

AimanZaid13934 · ‎03-31-2021

Hi Thomas,

i’ve tried CLI method and it is working as per se. Thanks for the solution.

I’ve taken a deep look in REST API. The method for endpoints is last updated based on ise 2.2.

Is there anyway it will be updated soon with more functionality?

regards,

aiman

thomas · ‎03-31-2021

I doubt it since that is not the purpose of the ERS API.

I agree there should be another method to easily get all of the attributes in ISE about an endpoint.

I've already shared this thread with a PM so they are aware of the need. 8-)

bharathisriram06 · ‎06-10-2023

Is there an Api to get all endpoints??

sureshot · ‎09-22-2023

Get "/ers/config/endpoint" api allows the client to get all the endpoints.

Filters can be used to filter out Endpoints based on a set of attributes. This API currently provides the following filters: [logicalProfileName, portalUser, staticProfileAssignment, profileId, profile, groupId, staticGroupAssignment, mac]

If it's Open API, then api will be "Get /api/v1/endpoint"

More info at -> https://developer.cisco.com/docs/identity-services-engine/latest/#!endpoint

REST API Cisco ISE Endpoint Details

How to Get all Endpoints from ISE

Copy to an S/FTP Server

Endpoint Data

How to Get all Endpoints from ISE

Copy to an S/FTP Server

Endpoint Data