Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The purpose is to simplify identity management across diverse devices and applications.
This document provides information about the Cisco ISE connector, which facilitates automated interactions with a Cisco ISE server using FortiSOAR™ playbooks. Add the Cisco ISE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as quarantining and un-quarantining IP addresses on Cisco ISE and retrieving a list of all active sessions from Cisco ISE.
Connector Version: 2.0.0
Authored By: Community
Certified: No
The following enhancements have been made to the Cisco ISE connector in version 2.0.0:
From version 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-cisco-ise
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Cisco ISE connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | IP address or FQDN of the Cisco ISE server to which you will connect and perform the automated operations. |
Username | Username to access the Cisco ISE to which you will connect and perform the automated operations. |
Password | Password to access the Cisco ISE server to which you will connect and perform the automated operations. |
ERS Port | External RESTful Services (ERS) is a REST API based on HTTPS over port 9060. This is required to be specified for ERS API operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
List All Active Sessions | Retrieves a list of all active sessions from Cisco ISE. | list_active_sessions Investigation |
EPS: Quarantine IP Address | Quarantines an IP address that you have specified on Cisco ISE. | quarantine_ip Containment |
EPS: Quarantine MAC Address | Quarantines a MAC address that you have specified on Cisco ISE. | quarantine_mac Containment |
EPS: Un-Quarantine IP Address | Removes an IP address that you have specified from the quarantine list on Cisco ISE. | unquarantine_ip Containment |
EPS: Un-Quarantine MAC Address | Removes a MAC address that you have specified from the quarantine list on Cisco ISE. | unquarantine_mac Containment |
End a Target MAC address Session | Ends a session of the MAC address that you have specified on Cisco ISE. | end_session Miscellaneous |
MAC Address Logout | Logs off a session of the MAC address that you have specified on Cisco ISE. | logoff_session Miscellaneous |
Get Endpoints | Retrieves details for all ERS endpoints or a specific endpoint from Cisco ISE based on the endpoint ID or name and other input parameters you have specified. | get_ise_endpoint Investigation |
Get ANC Endpoint | Retrieves details for all Adaptive Network Control (ANC) endpoints or a specific ANC endpoint from Cisco ISE based on the ANC Endpoint ID and other input parameters you have specified. | get_anc_endpoint Investigation |
Create ANC Policy | Creates an ANC policy in Cisco ISE based on the ANC policy name and action you have specified. | create_policy Containment |
Get ANC Policy | Retrieves details for all ANC policies or a specific ANC policy from Cisco ISE based on the policy ID or name and other input parameters you have specified. | get_anc_policy Investigation |
Assign ANC Policy | Assigns a specific ANC policy to a MAC address or an IP address on Cisco ISE based on the policy name and the MAC or IP address you have specified. | assign_policy Containment |
Revoke ANC Policy | Revokes a specific ANC policy from a MAC address or an IP address on Cisco ISE based on the policy name and the MAC or IP address you have specified. | revoke_policy Remediation |
None.
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Parameter | Description |
---|---|
Target IP Address | IP address of the device to quarantine on Cisco ISE. |
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Parameter | Description |
---|---|
Target MAC Address | MAC address of the device to quarantine on Cisco ISE. |
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Parameter | Description |
---|---|
Target IP Address | IP address of the device to un-quarantine on Cisco ISE. |
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Parameter | Description |
---|---|
Target MAC Address | MAC address of the device to un-quarantine on Cisco ISE. |
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Parameter | Description |
---|---|
Target MAC Address | MAC address to end the session on Cisco ISE. |
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Parameter | Description |
---|---|
Target MAC Address | MAC address to log out from Cisco ISE. |
Target Server Address | Server address from which you want to log out the target machine. |
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Get Endpoint By | Choose the method using which you want to retrieve endpoint details from Cisco ISE. You can choose between Endpoint ID or Endpoint Name. If you choose 'Endpoint ID', then you must specify the following parameter:
|
Size | Number of results that the operation should include per page. The search result is by default paged to 20 results per page. |
Page | Page number from which you want to retrieve results. Page numbering starts at page 1. |
The output contains the following populated JSON schema if you do not specify any endpoint name or ID for the 'Get Endpoint By' operation:
{
  "SearchResult": {
    "resources": [
      {
        "link": {
          "type": "",
          "rel": "",
          "href": ""
        },
        "id": "",
        "name": ""
      }
    ],
    "total": ""
  }
}
The output contains the following populated JSON schema if you have specified an endpoint name or ID for the 'Get Endpoint By' operation:
{
  "ERSEndPoint": {
    "identityStore": "",
    "id": "",
    "portalUser": "",
    "description": "",
    "staticGroupAssignment": "",
    "staticProfileAssignment": "",
    "groupId": "",
    "link": {
      "type": "",
      "rel": "",
      "href": ""
    },
    "profileId": "",
    "mac": "",
    "identityStoreId": "",
    "name": ""
  }
}
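An added example, not part of the connector or its documentation: walking every page of a 'Get Endpoints' style SearchResult response with the Size and Page parameters described above, so that a playbook does not act on only the first 20 results. `fetch_page` is a hypothetical callable standing in for the playbook step, and the sample backend and its data are constructed.

```python
from typing import Callable, Dict, Iterator, List

DEFAULT_SIZE = 20  # default page size stated in the parameter table


def iter_search_results(fetch_page: Callable[[int, int], dict],
                        size: int = DEFAULT_SIZE,
                        max_pages: int = 1000) -> Iterator[dict]:
    """Yield every resource from a paged SearchResult response.

    fetch_page(page, size) is a hypothetical stand-in for the connector
    step; it must return a dict shaped like the SearchResult schema.
    """
    if size < 1:
        raise ValueError("size must be at least 1")
    seen = 0
    for page in range(1, max_pages + 1):  # page numbering starts at 1
        body = fetch_page(page, size)
        result = body.get("SearchResult") if isinstance(body, dict) else None
        if not isinstance(result, dict):
            raise ValueError("response is not a SearchResult document")
        resources = result.get("resources") or []
        raw_total = result.get("total")
        # "total" may arrive as a string or be empty; treat empty as unknown.
        total = int(raw_total) if raw_total not in (None, "") else None
        yield from resources
        seen += len(resources)
        if not resources or len(resources) < size:
            return  # empty or short page: nothing further to fetch
        if total is not None and seen >= total:
            return
    raise RuntimeError("max_pages reached before the listing ended")


def ids_by_name(resources) -> Dict[str, List[str]]:
    """Map endpoint name to its IDs, for a follow-up lookup by Endpoint ID."""
    index: Dict[str, List[str]] = {}
    for item in resources:
        index.setdefault(item.get("name", ""), []).append(item.get("id", ""))
    return index


def make_fake_fetch(count: int):
    """Constructed backend holding `count` endpoints; records pages requested."""
    items = [{"id": f"id-{i:03d}",
              "name": f"00:11:22:33:44:{i:02X}",
              "link": {"type": "", "rel": "self", "href": ""}}
             for i in range(count)]
    calls: List[int] = []

    def fetch(page: int, size: int) -> dict:
        calls.append(page)
        start = (page - 1) * size
        return {"SearchResult": {"resources": items[start:start + size],
                                 "total": str(count)}}
    return fetch, calls


if __name__ == "__main__":
    fetch, calls = make_fake_fetch(45)
    endpoints = list(iter_search_results(fetch))
    print(len(endpoints), "endpoints over pages", calls)
    print(ids_by_name(endpoints)["00:11:22:33:44:2C"])
```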
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
ANC Endpoint ID | ID of the ANC endpoint whose details you want to retrieve from Cisco ISE. |
Size | Number of results that the operation should include per page. The search result is by default paged to 20 resources per page. |
Page | Page number from which you want to retrieve results. Page numbering starts at page 1. |
The output contains the following populated JSON schema if you do not specify any endpoint ID for the 'Get ANC Endpoint' operation:
{
  "SearchResult": {
    "resources": [
      {
        "link": {
          "type": "",
          "rel": "",
          "href": ""
        },
        "id": ""
      }
    ],
    "total": ""
  }
}
The output contains the following populated JSON schema if you have specified an endpoint ID for the 'Get ANC Endpoint' operation:
{
  "ErsAncEndpoint": {
    "link": {
      "type": "",
      "rel": "",
      "href": ""
    },
    "policyName": "",
    "id": "",
    "macAddress": ""
  }
}
Parameter | Description |
---|---|
ANC Policy Name | Name of the policy that you want to create on Cisco ISE. |
Action | Type of actions to be applied to the ANC policy that you want to create on Cisco ISE. You can choose from the following options: Quarantine, Portbounce, or Shutdown. |
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Get Policy By | Choose the method using which you want to retrieve ANC Policies from Cisco ISE. You can choose between Policy ID or Policy Name. If you choose 'Policy ID', then you must specify the following parameter:
|
Size | Number of results that the operation should include per page. The search result is by default paged to 20 resources per page. |
Page | Page number from which you want to retrieve results. Page numbering starts at page 1. |
The output contains the following populated JSON schema if you do not specify any policy name or ID for the 'Get ANC Policy' operation:
{
  "SearchResult": {
    "resources": [
      {
        "link": {
          "type": "",
          "rel": "",
          "href": ""
        },
        "id": "",
        "name": ""
      }
    ],
    "total": ""
  }
}
The output contains the following populated JSON schema if you have specified a policy name or ID for the 'Get ANC Policy' operation:
{
  "ErsAncPolicy": {
    "link": {
      "type": "",
      "rel": "",
      "href": ""
    },
    "actions": [],
    "id": "",
    "name": ""
  }
}
Parameter | Description |
---|---|
ANC Policy Name | Name of the ANC policy that you want to apply to a specific MAC or IP address on Cisco ISE. |
Apply To | Choose whether you want to apply the specific ANC policy to a MAC address or an IP address. If you choose 'IP Address', then you must specify the following parameter:
|
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
Parameter | Description |
---|---|
ANC Policy Name | Name of the ANC policy that you want to revoke from a specific MAC or IP address on Cisco ISE. |
Revoke From | Choose whether you want to revoke the specific ANC policy from a MAC address or an IP address. If you choose 'IP Address', then you must specify the following parameter:
|
The output contains the following populated JSON schema:
{
  "request_status": "",
  "result": {}
}
The Sample - Cisco ISE - 2.0.0 playbook collection comes bundled with the Cisco ISE connector. This collection contains steps with which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ISE connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.