About the connector
Aruba ClearPass is a policy management platform that enables businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies.
This document provides information about the Aruba ClearPass connector, which facilitates automated interactions, with an Aruba ClearPass server using FortiSOAR™ playbooks. Add the Aruba ClearPass connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a collection of all currently managed guest accounts from Aruba ClearPass, terminating an active session in the Aruba ClearPass, updating the status of a specific connected endpoint in the Aruba ClearPass network, etc.
Version information
Connector Version: 1.1.0
Authored By: Community
Certified: No
Release Notes for version 1.1.0
Following enhancements have been made to the Aruba ClearPass Connector in version 1.1.0:
- Added the following operations and playbooks:
- Disable Device
- Send Session COA by MAC
- Get Device Profile
- Updated the following operations:
- Added a new parameter Filter in List Sessions action.
Installing the connector
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-aruba-clearpass
Prerequisites to configuring the connector
- You must have the IP address or FQDN of the Aruba ClearPass server to which to connect and perform automated operations.
- You must also have the client ID from your client app definition and the client secret or username-password pair to connect to Aruba ClearPass.
- The FortiSOAR™ server should have outbound connectivity to port 443 on the Aruba ClearPass server.
Minimum Permissions Required
Configuring the connector
For the procedure to configure a connector, click here
Configuration parameters
In FortiSOAR™, on the Connectors page, click the Aruba ClearPass connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
| Parameter |
Description |
| Server Address |
IP address or FQDN of the Aruba ClearPass server to which to connect and perform the automated operations. |
| Client ID |
The client ID from your Aruba API client app definition. |
| Authorization Grant Type |
Select the Aruba ClearPass authentication type from the following:
- Client Secret: In the Client Secret field specify the client secret from your Aruba API client app definition. The client secret is required if the API client definition is not configured as a public client.
- Username/Password: Enter following details:
- Username: Enter the username to access the Aruba ClearPass server to which you will connect and perform the automated operations.
- Password: Enter the password to access the Aruba ClearPass server to which you will connect and perform the automated operations.
|
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
| Function |
Description |
Annotation and Category |
| Get List of Guests |
Retrieves a collection, of all currently managed guest accounts, from Aruba ClearPass. |
list_guests
Investigation |
| Get Guest Details |
Retrieves details of a specific guest account from Aruba ClearPass based on the Guest ID you have specified. |
get_guest_details
Investigation |
| List Endpoint |
Retrieves the list of all connected endpoints on the Aruba ClearPass network. |
list_endpoints
Investigation |
| Get Endpoint Detail |
Retrieves details of a specific endpoint from Aruba ClearPass based on the Endpoint ID you have specified. |
get_endpoint_details
Investigation |
| Update Endpoint Status |
Updates the status of a specific connected endpoint in the Aruba ClearPass network based on the Endpoint ID and status you have specified. |
update_endpoint_status
Investigation |
| List Sessions |
Retrieves a list of all active sessions from the Aruba ClearPass network. |
list_sessions
Investigation |
| Terminate Sessions |
Terminates an active session in the Aruba ClearPass network based on the Session ID you have specified. |
terminate_session
Investigation |
| Disable Device |
Disables a device registered in Aruba ClearPass Guest based on the MAC address you have specified. |
disable_device
Remediation |
| Send Session COA by MAC |
Sends a RADIUS Change of Authorization (COA) to the Aruba ClearPass session based on the MAC address and COA Profile you have specified. |
session_coa_mac
Remediation |
| Get Device Profile |
Retrieves the attributes of a device profiled by Aruba ClearPass based on the MAC address or IP address you have specified. |
get_device_profile
Investigation |
operation: Get List of Guests
Input parameters
None.
Output
The output contains a non-dictionary value.
operation: Get Guest Details
Input parameters
| Parameter |
Description |
| Guest ID |
Specify the ID of the guest whose details you want to retrieve from Aruba ClearPass. |
Output
The output contains a non-dictionary value.
operation: List Endpoint
Input parameters
None.
Output
The output contains the following populated JSON schema:
{
"_links": {
"self": {
"href": ""
},
"first": {
"href": ""
}
},
"_embedded": {
"items": [
{
"id": "",
"mac_address": "",
"status": "",
"device_insight_tags": [],
"attributes": {},
"_links": {
"self": {
"href": ""
}
}
}
]
}
}
operation: Get Endpoint Detail
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the ID of the endpoint whose details you want to retrieve from Aruba ClearPass. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"mac_address": "",
"status": "",
"device_insight_tags": [],
"attributes": {},
"_links": {
"self": {
"href": ""
}
}
}
operation: Update Endpoint Status
Input parameters
| Parameter |
Description |
| Endpoint ID |
Specify the ID of the endpoint whose status you want to update in the Aruba ClearPass network. |
| Endpoint Status |
Select the status that you want to update for the specific endpoint in the Aruba ClearPass network. You can choose from the following options:
|
| Description |
(Optional) Specify a description to add while updating the status of the specific endpoint in the Aruba ClearPass network. |
Output
The output contains a non-dictionary value.
operation: List Sessions
Input parameters
| Parameter |
Description |
| Filter |
(Optional) Specify a criteria to filter the list of sessions retrieved from Aruba ClearPass network.
For filter syntax, refer to the Aruba ClearPass REST API filtering. |
Output
The output contains the following populated JSON schema:
{
"_links": {
"self": {
"href": ""
},
"first": {
"href": ""
}
},
"_embedded": {
"items": [
{
"id": "",
"ssid": "",
"state": "",
"_links": {
"self": {
"href": ""
}
},
"ap_name": "",
"nas_name": "",
"username": "",
"cppm_uuid": "",
"nasportid": "",
"role_name": "",
"updated_at": "",
"mac_address": "",
"nasporttype": "",
"servicetype": "",
"acctstoptime": "",
"nasipaddress": "",
"sponsor_name": "",
"visitor_name": "",
"acctsessionid": "",
"acctstarttime": "",
"arubauserrole": "",
"arubauservlan": "",
"sponsor_email": "",
"total_traffic": "",
"visitor_phone": "",
"acctinputoctets": "",
"acctsessiontime": "",
"calledstationid": "",
"framedipaddress": "",
"visitor_carrier": "",
"visitor_company": "",
"acctoutputoctets": "",
"callingstationid": "",
"acctterminatecause": "",
"sponsor_profile_name": ""
}
]
}
}
operation: Terminate Sessions
Input parameters
| Parameter |
Description |
| Session ID |
Specify the ID of the session to terminate from the Aruba ClearPass network. |
Output
The output contains a non-dictionary value.
operation: Disable Device
Input parameters
| Parameter |
Description |
| MAC Address |
(Optional) Specify the MAC address of the device to disable from the Aruba ClearPass. |
Output
The output contains a non-dictionary value.
operation: Send Session COA by MAC
Input parameters
| Parameter |
Description |
| MAC Address |
(Optional) Specify the MAC address to identify the Aruba ClearPass session. |
| COA Profile |
(Optional) Specify the COA Profile to send a RADIUS COA to the Aruba ClearPass network. |
Output
The output contains a non-dictionary value.
operation: Get Device Profile
Input parameters
| Parameter |
Description |
| MAC Address /IP Address |
Specify the MAC or the IP Address to get attributes of a device from the Aruba ClearPass network. |
Output
The output contains a non-dictionary value.
Included playbooks
The Sample - Aruba ClearPass - 1.1.0 playbook collection comes bundled with the Aruba ClearPass connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Aruba ClearPass connector.
- Disable Device
- Get Device Profile
- Get Endpoint Detail
- Get Guest Details
- Get List of Guests
- List Endpoint
- List Sessions
- Send Session COA by MAC
- Terminate Sessions
- Update Endpoint Status
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
