Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
5
Helpful
4
Replies

Question: Is there a way to update Endpoints in pxGrid without creating new ones?

Go to solution
Yakirke
Level 1
Level 1

‎09-09-2020 03:46 PM - edited ‎09-09-2020 03:47 PM

I would like to only update endpoints in pxGrid if they already exist. Following Endpoint Asset documentation, there's an opType UPDATE for achieving this when publishing to /topic/com.cisco.endpoint.asset. It seems that it operates as an upsert (It creates new devices). As a matter of fact, I've seen no difference between the UPDATE and the CREATE operation as both insert-update endpoints.

Is there a way to update Endpoints in pxGrid without creating new ones?

Example endpoint:

TEST_ENDPOINT = {
    "opType": "UPDATE",
    "asset": {
        "assetId": "999",
        "assetName": "test_asset",
        "assetHwRevision": "5.6",
        "assetProtocol": "CIP",
        "assetVendor": "Cisco Systems",
        "assetSwRevision": "4.6",
        "assetProductId": "IE2000",
        "assetSerialNumber": "1212121213243",
        "assetMacAddress": "00:da:ba:da:ba:da",
        "assetIpAddress": "192.12.217.16",
        "assetDeviceType": "EtherNet IP Node"
    }
}

Thanks! 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
einarnn
Cisco Employee
Cisco Employee
In response to Yakirke

‎10-16-2020 11:49 AM

Via pxGrid an endpoint will always be created if it doesn't exist.

Cheers,

Einar

 

View solution in original post

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Yakirke

‎10-22-2020 10:21 AM

No way to poll all devices in ISE with pxGrid

 

The use case is a system can detect devices that are not managed by ISE.

  • For example devices on a different non-ise managed network
  • Or devices that don’t need to connect at all
  • Or devices that are still relevant but haven’t connected to the network In a long time (purged from ISE)
  • Only want to report on devices that authenticate with ISE

 

pxGrid current functionality

  • On an update will also create an endpoint (if one doesn’t exist)
  • If device exists then are be able to update it.
  • If trying to use create logic is no different then update it seems..

 

There system is only a one way publishing, if a device exists then update it, but right now update also creates so it presents a problem.

They can’t query if a device exists. It could get added after they query as well..

They currently listen on device sessions but this doesn’t give all device history. For now this is a patch but doesn’t encompass all endpoints necessarily

 

Now we know that we're not missing some PxGrid update functionality and we will probably look at the ERS path down the road after completing our PxGrid feature.

View solution in original post

4 Replies 4

Go to solution
einarnn
Cisco Employee
Cisco Employee

‎09-18-2020 01:16 PM - edited ‎09-18-2020 01:16 PM

Is your desired behaviour for a UPDATE to fail if the endpoint doesn't already exist? If so, could you expand on your use case?

Cheers,

Einar

0 Helpful

Go to solution
Yakirke
Level 1
Level 1
In response to einarnn

‎10-14-2020 08:26 AM

Hi Einar,

So in our use case we don't want to create new devices on customer environments (unless configured to do so). This way, we can enrich existing devices that had been seen on the network with additional information. The consideration is for the customers who are worried that they will suddenly see a lot more devices that haven't actually authenticated / accessed the network.

Is there a way to update devices through PxGrid without creating new ones?

Thanks for the help!!

0 Helpful

Go to solution
einarnn
Cisco Employee
Cisco Employee
In response to Yakirke

‎10-16-2020 11:49 AM

Via pxGrid an endpoint will always be created if it doesn't exist.

Cheers,

Einar

 

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Yakirke

‎10-22-2020 10:21 AM

No way to poll all devices in ISE with pxGrid

 

The use case is a system can detect devices that are not managed by ISE.

  • For example devices on a different non-ise managed network
  • Or devices that don’t need to connect at all
  • Or devices that are still relevant but haven’t connected to the network In a long time (purged from ISE)
  • Only want to report on devices that authenticate with ISE

 

pxGrid current functionality

  • On an update will also create an endpoint (if one doesn’t exist)
  • If device exists then are be able to update it.
  • If trying to use create logic is no different then update it seems..

 

There system is only a one way publishing, if a device exists then update it, but right now update also creates so it presents a problem.

They can’t query if a device exists. It could get added after they query as well..

They currently listen on device sessions but this doesn’t give all device history. For now this is a patch but doesn’t encompass all endpoints necessarily

 

Now we know that we're not missing some PxGrid update functionality and we will probably look at the ERS path down the road after completing our PxGrid feature.

Customers Also Viewed These Support Documents