Aruba ClearPass is a policy management platform that enables businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies.
This document provides information about the Aruba ClearPass connector, which facilitates automated interactions, with an Aruba ClearPass server using FortiSOAR™ playbooks. Add the Aruba ClearPass connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a collection of all currently managed guest accounts from Aruba ClearPass, terminating an active session in the Aruba ClearPass, updating the status of a specific connected endpoint in the Aruba ClearPass network, etc.
Connector Version: 1.1.0
Authored By: Community
Certified: No
Following enhancements have been made to the Aruba ClearPass Connector in version 1.1.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-aruba-clearpass
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Aruba ClearPass connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server Address | IP address or FQDN of the Aruba ClearPass server to which to connect and perform the automated operations. |
Client ID | The client ID from your Aruba API client app definition. |
Authorization Grant Type | Select the Aruba ClearPass authentication type from the following:
|
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get List of Guests | Retrieves a collection, of all currently managed guest accounts, from Aruba ClearPass. | list_guests Investigation |
Get Guest Details | Retrieves details of a specific guest account from Aruba ClearPass based on the Guest ID you have specified. | get_guest_details Investigation |
List Endpoint | Retrieves the list of all connected endpoints on the Aruba ClearPass network. | list_endpoints Investigation |
Get Endpoint Detail | Retrieves details of a specific endpoint from Aruba ClearPass based on the Endpoint ID you have specified. | get_endpoint_details Investigation |
Update Endpoint Status | Updates the status of a specific connected endpoint in the Aruba ClearPass network based on the Endpoint ID and status you have specified. | update_endpoint_status Investigation |
List Sessions | Retrieves a list of all active sessions from the Aruba ClearPass network. | list_sessions Investigation |
Terminate Sessions | Terminates an active session in the Aruba ClearPass network based on the Session ID you have specified. | terminate_session Investigation |
Disable Device | Disables a device registered in Aruba ClearPass Guest based on the MAC address you have specified. | disable_device Remediation |
Send Session COA by MAC | Sends a RADIUS Change of Authorization (COA) to the Aruba ClearPass session based on the MAC address and COA Profile you have specified. | session_coa_mac Remediation |
Get Device Profile | Retrieves the attributes of a device profiled by Aruba ClearPass based on the MAC address or IP address you have specified. | get_device_profile Investigation |
None.
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Guest ID | Specify the ID of the guest whose details you want to retrieve from Aruba ClearPass. |
The output contains a non-dictionary value.
None.
The output contains the following populated JSON schema:
{
"_links": {
"self": {
"href": ""
},
"first": {
"href": ""
}
},
"_embedded": {
"items": [
{
"id": "",
"mac_address": "",
"status": "",
"device_insight_tags": [],
"attributes": {},
"_links": {
"self": {
"href": ""
}
}
}
]
}
}
Parameter | Description |
---|---|
Endpoint ID | Specify the ID of the endpoint whose details you want to retrieve from Aruba ClearPass. |
The output contains the following populated JSON schema:
{
"id": "",
"mac_address": "",
"status": "",
"device_insight_tags": [],
"attributes": {},
"_links": {
"self": {
"href": ""
}
}
}
Parameter | Description |
---|---|
Endpoint ID | Specify the ID of the endpoint whose status you want to update in the Aruba ClearPass network. |
Endpoint Status | Select the status that you want to update for the specific endpoint in the Aruba ClearPass network. You can choose from the following options:
|
Description | (Optional) Specify a description to add while updating the status of the specific endpoint in the Aruba ClearPass network. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Filter | (Optional) Specify a criteria to filter the list of sessions retrieved from Aruba ClearPass network. For filter syntax, refer to the Aruba ClearPass REST API filtering. |
The output contains the following populated JSON schema:
{
"_links": {
"self": {
"href": ""
},
"first": {
"href": ""
}
},
"_embedded": {
"items": [
{
"id": "",
"ssid": "",
"state": "",
"_links": {
"self": {
"href": ""
}
},
"ap_name": "",
"nas_name": "",
"username": "",
"cppm_uuid": "",
"nasportid": "",
"role_name": "",
"updated_at": "",
"mac_address": "",
"nasporttype": "",
"servicetype": "",
"acctstoptime": "",
"nasipaddress": "",
"sponsor_name": "",
"visitor_name": "",
"acctsessionid": "",
"acctstarttime": "",
"arubauserrole": "",
"arubauservlan": "",
"sponsor_email": "",
"total_traffic": "",
"visitor_phone": "",
"acctinputoctets": "",
"acctsessiontime": "",
"calledstationid": "",
"framedipaddress": "",
"visitor_carrier": "",
"visitor_company": "",
"acctoutputoctets": "",
"callingstationid": "",
"acctterminatecause": "",
"sponsor_profile_name": ""
}
]
}
}
Parameter | Description |
---|---|
Session ID | Specify the ID of the session to terminate from the Aruba ClearPass network. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
MAC Address | (Optional) Specify the MAC address of the device to disable from the Aruba ClearPass. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
MAC Address | (Optional) Specify the MAC address to identify the Aruba ClearPass session. |
COA Profile | (Optional) Specify the COA Profile to send a RADIUS COA to the Aruba ClearPass network. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
MAC Address /IP Address | Specify the MAC or the IP Address to get attributes of a device from the Aruba ClearPass network. |
The output contains a non-dictionary value.
The Sample - Aruba ClearPass - 1.1.0
playbook collection comes bundled with the Aruba ClearPass connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Aruba ClearPass connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Aruba ClearPass is a policy management platform that enables businesses to effortlessly onboard new devices, grant varying access levels, and keep their networks secure. ClearPass allows you to safely connect business and personal devices to your network in compliance with your security policies.
This document provides information about the Aruba ClearPass connector, which facilitates automated interactions, with an Aruba ClearPass server using FortiSOAR™ playbooks. Add the Aruba ClearPass connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a collection of all currently managed guest accounts from Aruba ClearPass, terminating an active session in the Aruba ClearPass, updating the status of a specific connected endpoint in the Aruba ClearPass network, etc.
Connector Version: 1.1.0
Authored By: Community
Certified: No
Following enhancements have been made to the Aruba ClearPass Connector in version 1.1.0:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root
user to install connectors from an SSH session:
yum install cyops-connector-aruba-clearpass
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Aruba ClearPass connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server Address | IP address or FQDN of the Aruba ClearPass server to which to connect and perform the automated operations. |
Client ID | The client ID from your Aruba API client app definition. |
Authorization Grant Type | Select the Aruba ClearPass authentication type from the following:
|
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get List of Guests | Retrieves a collection, of all currently managed guest accounts, from Aruba ClearPass. | list_guests Investigation |
Get Guest Details | Retrieves details of a specific guest account from Aruba ClearPass based on the Guest ID you have specified. | get_guest_details Investigation |
List Endpoint | Retrieves the list of all connected endpoints on the Aruba ClearPass network. | list_endpoints Investigation |
Get Endpoint Detail | Retrieves details of a specific endpoint from Aruba ClearPass based on the Endpoint ID you have specified. | get_endpoint_details Investigation |
Update Endpoint Status | Updates the status of a specific connected endpoint in the Aruba ClearPass network based on the Endpoint ID and status you have specified. | update_endpoint_status Investigation |
List Sessions | Retrieves a list of all active sessions from the Aruba ClearPass network. | list_sessions Investigation |
Terminate Sessions | Terminates an active session in the Aruba ClearPass network based on the Session ID you have specified. | terminate_session Investigation |
Disable Device | Disables a device registered in Aruba ClearPass Guest based on the MAC address you have specified. | disable_device Remediation |
Send Session COA by MAC | Sends a RADIUS Change of Authorization (COA) to the Aruba ClearPass session based on the MAC address and COA Profile you have specified. | session_coa_mac Remediation |
Get Device Profile | Retrieves the attributes of a device profiled by Aruba ClearPass based on the MAC address or IP address you have specified. | get_device_profile Investigation |
None.
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Guest ID | Specify the ID of the guest whose details you want to retrieve from Aruba ClearPass. |
The output contains a non-dictionary value.
None.
The output contains the following populated JSON schema:
{
"_links": {
"self": {
"href": ""
},
"first": {
"href": ""
}
},
"_embedded": {
"items": [
{
"id": "",
"mac_address": "",
"status": "",
"device_insight_tags": [],
"attributes": {},
"_links": {
"self": {
"href": ""
}
}
}
]
}
}
Parameter | Description |
---|---|
Endpoint ID | Specify the ID of the endpoint whose details you want to retrieve from Aruba ClearPass. |
The output contains the following populated JSON schema:
{
"id": "",
"mac_address": "",
"status": "",
"device_insight_tags": [],
"attributes": {},
"_links": {
"self": {
"href": ""
}
}
}
Parameter | Description |
---|---|
Endpoint ID | Specify the ID of the endpoint whose status you want to update in the Aruba ClearPass network. |
Endpoint Status | Select the status that you want to update for the specific endpoint in the Aruba ClearPass network. You can choose from the following options:
|
Description | (Optional) Specify a description to add while updating the status of the specific endpoint in the Aruba ClearPass network. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Filter | (Optional) Specify a criteria to filter the list of sessions retrieved from Aruba ClearPass network. For filter syntax, refer to the Aruba ClearPass REST API filtering. |
The output contains the following populated JSON schema:
{
"_links": {
"self": {
"href": ""
},
"first": {
"href": ""
}
},
"_embedded": {
"items": [
{
"id": "",
"ssid": "",
"state": "",
"_links": {
"self": {
"href": ""
}
},
"ap_name": "",
"nas_name": "",
"username": "",
"cppm_uuid": "",
"nasportid": "",
"role_name": "",
"updated_at": "",
"mac_address": "",
"nasporttype": "",
"servicetype": "",
"acctstoptime": "",
"nasipaddress": "",
"sponsor_name": "",
"visitor_name": "",
"acctsessionid": "",
"acctstarttime": "",
"arubauserrole": "",
"arubauservlan": "",
"sponsor_email": "",
"total_traffic": "",
"visitor_phone": "",
"acctinputoctets": "",
"acctsessiontime": "",
"calledstationid": "",
"framedipaddress": "",
"visitor_carrier": "",
"visitor_company": "",
"acctoutputoctets": "",
"callingstationid": "",
"acctterminatecause": "",
"sponsor_profile_name": ""
}
]
}
}
Parameter | Description |
---|---|
Session ID | Specify the ID of the session to terminate from the Aruba ClearPass network. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
MAC Address | (Optional) Specify the MAC address of the device to disable from the Aruba ClearPass. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
MAC Address | (Optional) Specify the MAC address to identify the Aruba ClearPass session. |
COA Profile | (Optional) Specify the COA Profile to send a RADIUS COA to the Aruba ClearPass network. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
MAC Address /IP Address | Specify the MAC or the IP Address to get attributes of a device from the Aruba ClearPass network. |
The output contains a non-dictionary value.
The Sample - Aruba ClearPass - 1.1.0
playbook collection comes bundled with the Aruba ClearPass connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Aruba ClearPass connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.