About the connector

Cisco Identity Services Engine (ISE) is a network administration product that enables the creation and enforcement of security and access policies for endpoint devices connected to the company's routers and switches. The purpose is to simplify identity management across diverse devices and applications.

This document provides information about the Cisco ISE connector, which facilitates automated interactions with a Cisco ISE server using FortiSOAR™ playbooks. Add the Cisco ISE connector as a step in FortiSOAR™ playbooks and perform automated operations, such as quarantining and un-quarantining IP addresses on Cisco ISE and retrieving a list of all active sessions from Cisco ISE.

Version information

Connector Version: 2.0.0

Authored By: Community

Certified: No

Release Notes for version 2.0.0

The following enhancements have been made to the Cisco ISE connector in version 2.0.0:

  • Added a new configuration parameter "ERS port". You must specify the ERS port number (default 9060) for ERS API operations.
  • Added the following new operations and playbooks:
    • Get Endpoints
    • Get ANC Endpoint
    • Create ANC Policy
    • Get ANC Policy
    • Assign ANC Policy
    • Revoke ANC Policy

Installing the connector

From version 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-cisco-ise

Prerequisites to configuring the connector

  • You must have the URL of the Cisco ISE server to which you will connect and perform automated operations, and credentials (username-password pair) to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Cisco ISE connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

| Parameter | Description |
|---|---|
| Server URL | IP address or FQDN of the Cisco ISE server to which you will connect and perform the automated operations. |
| Username | Username to access the Cisco ISE server to which you will connect and perform the automated operations. |
| Password | Password to access the Cisco ISE server to which you will connect and perform the automated operations. |
| ERS Port | External RESTful Services (ERS) is a REST API based on HTTPS over port 9060. This is required to be specified for ERS API operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 onwards:

| Function | Description | Annotation and Category |
|---|---|---|
| List All Active Sessions | Retrieves a list of all active sessions from Cisco ISE. | list_active_sessions, Investigation |
| EPS: Quarantine IP Address | Quarantines an IP address that you have specified on Cisco ISE. | quarantine_ip, Containment |
| EPS: Quarantine MAC Address | Quarantines a MAC address that you have specified on Cisco ISE. | quarantine_mac, Containment |
| EPS: Un-Quarantine IP Address | Removes an IP address that you have specified from the quarantine list on Cisco ISE. | unquarantine_ip, Containment |
| EPS: Un-Quarantine MAC Address | Removes a MAC address that you have specified from the quarantine list on Cisco ISE. | unquarantine_mac, Containment |
| End a Target MAC Address Session | Ends a session of the MAC address that you have specified on Cisco ISE. | end_session, Miscellaneous |
| MAC Address Logout | Logs off a session of the MAC address that you have specified on Cisco ISE. | logoff_session, Miscellaneous |
| Get Endpoints | Retrieves details for all ERS endpoints or a specific endpoint from Cisco ISE based on the endpoint ID or name and other input parameters you have specified. | get_ise_endpoint, Investigation |
| Get ANC Endpoint | Retrieves details for all Adaptive Network Control (ANC) endpoints or a specific ANC endpoint from Cisco ISE based on the ANC Endpoint ID and other input parameters you have specified. | get_anc_endpoint, Investigation |
| Create ANC Policy | Creates an ANC policy in Cisco ISE based on the ANC policy name and action you have specified. | create_policy, Containment |
| Get ANC Policy | Retrieves details for all ANC policies or a specific ANC policy from Cisco ISE based on the policy ID or name and other input parameters you have specified. | get_anc_policy, Investigation |
| Assign ANC Policy | Assigns a specific ANC policy to a MAC address or an IP address on Cisco ISE based on the policy or name and the MAC or IP address you have specified. | assign_policy, Containment |
| Revoke ANC Policy | Revokes a specific ANC policy from a MAC address or an IP address on Cisco ISE based on the policy or name and the MAC or IP address you have specified. | revoke_policy, Remediation |

operation: List All Active Sessions

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: EPS: Quarantine IP Address 

Input parameters

| Parameter | Description |
|---|---|
| Target IP Address | IP address of the device to quarantine on Cisco ISE. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: EPS: Quarantine MAC Address 

Input parameters

| Parameter | Description |
|---|---|
| Target MAC Address | MAC address of the device to quarantine on Cisco ISE. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: EPS: Un-Quarantine IP Address 

Input parameters

| Parameter | Description |
|---|---|
| Target IP Address | IP address of the device to un-quarantine on Cisco ISE. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: EPS: Un-Quarantine MAC Address

Input parameters

| Parameter | Description |
|---|---|
| Target MAC Address | MAC address of the device to un-quarantine on Cisco ISE. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: End a Target MAC Address Session

Input parameters

| Parameter | Description |
|---|---|
| Target MAC Address | MAC address to end the session on Cisco ISE. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: MAC Address Logout

Input parameters

| Parameter | Description |
|---|---|
| Target MAC Address | MAC address to log out from Cisco ISE. |
| Target Server Address | Server address from which you want to log out the target machine. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: Get Endpoints

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Get Endpoint By | Choose the method using which you want to retrieve endpoint details from Cisco ISE. You can choose between Endpoint ID or Endpoint Name. If you choose 'Endpoint ID', then you must specify the Endpoint ID parameter: ID of the ANC endpoint whose details you want to retrieve from Cisco ISE. If you choose 'Endpoint Name', then you must specify the Endpoint Name parameter: Name of the ANC endpoint whose details you want to retrieve from Cisco ISE. |
| Size | Number of results that the operation should include per page. The search result is by default paged to 20 results per page. |
| Page | Page number from which you want to retrieve results. Page numbering starts at page 1. |

Output

The output contains the following populated JSON schema if you do not specify any endpoint name or ID for the  'Get Endpoint By' operation:
{
     "SearchResult": {
         "resources": [
             {
                 "link": {
                     "type": "",
                     "rel": "",
                     "href": ""
                 },
                 "id": "",
                 "name": ""
             }
         ],
         "total": ""
     }
}

The output contains the following populated JSON schema if you have specified an endpoint name or ID for the 'Get Endpoint By' operation:
{
     "ERSEndPoint": {
         "identityStore": "",
         "id": "",
         "portalUser": "",
         "description": "",
         "staticGroupAssignment": "",
         "staticProfileAssignment": "",
         "groupId": "",
         "link": {
             "type": "",
             "rel": "",
             "href": ""
         },
         "profileId": "",
         "mac": "",
         "identityStoreId": "",
         "name": ""
     }
}
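
Because of the Size and Page parameters, an unfiltered Get Endpoints call returns only one page of the SearchResult schema at a time. The following Python code is an added example, not part of the connector or of the original page, that walks every page of that schema; `fetch_page` is a hypothetical stand-in for however your playbook or script invokes the operation, and the inventory it serves here is constructed sample data.

```python
from typing import Callable, Dict, Iterator, List, Optional, Tuple

DEFAULT_SIZE = 20  # per the page: results are paged to 20 per page by default
FIRST_PAGE = 1     # per the page: page numbering starts at page 1


def parse_total(value) -> Optional[int]:
    """The schema shows "total" as a string; accept str or int, None if unusable."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def iter_resources(fetch_page: Callable[[int, int], Dict],
                   size: int = DEFAULT_SIZE,
                   max_pages: int = 500) -> Iterator[Dict]:
    """Yield each entry of SearchResult.resources across all pages.

    fetch_page(page, size) is a hypothetical callable returning one page in
    the documented {"SearchResult": {"resources": [...], "total": ""}} shape.
    """
    if size < 1:
        raise ValueError("size must be >= 1")
    seen_ids = set()
    for page in range(FIRST_PAGE, FIRST_PAGE + max_pages):
        body = fetch_page(page, size)
        result = body.get("SearchResult") if isinstance(body, dict) else None
        if not isinstance(result, dict):
            raise ValueError(f"page {page}: response has no SearchResult object")
        resources = result.get("resources") or []
        # Only entries not seen before count as progress; this stops the loop
        # on an empty page or when the same page is returned again.
        fresh = [r for r in resources if r.get("id") not in seen_ids]
        if not fresh:
            return
        for resource in fresh:
            seen_ids.add(resource.get("id"))
            yield resource
        total = parse_total(result.get("total"))
        if total is not None and len(seen_ids) >= total:
            return
    raise RuntimeError(f"gave up after {max_pages} pages")


def index_by_name(resources: List[Dict]) -> Dict[str, str]:
    """Map each resource name to its id, e.g. to resolve a name to an Endpoint ID."""
    return {r["name"]: r["id"] for r in resources if r.get("name") and r.get("id")}


def make_constructed_fetcher(count: int) -> Tuple[Callable[[int, int], Dict], List[int]]:
    """Build an offline fetch_page over constructed endpoints (not real data)."""
    inventory = [
        {
            "id": f"constructed-id-{i:04d}",
            "name": f"00:00:5E:00:53:{i:02X}",  # documentation MAC range
            "link": {"type": "", "rel": "", "href": ""},
        }
        for i in range(count)
    ]
    calls: List[int] = []

    def fetch_page(page: int, size: int) -> Dict:
        calls.append(page)
        start = (page - FIRST_PAGE) * size
        return {"SearchResult": {"resources": inventory[start:start + size],
                                 "total": str(count)}}

    return fetch_page, calls


if __name__ == "__main__":
    fetch, calls = make_constructed_fetcher(45)
    endpoints = list(iter_resources(fetch))
    print(len(endpoints), "endpoints retrieved over pages", calls)
```

The same loop applies to the list responses of Get ANC Endpoint and Get ANC Policy, which use the same SearchResult wrapper.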

operation: Get ANC Endpoint

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| ANC Endpoint ID | ID of the ANC endpoint whose details you want to retrieve from Cisco ISE. |
| Size | Number of results that the operation should include per page. The search result is by default paged to 20 resources per page. |
| Page | Page number from which you want to retrieve results. Page numbering starts at page 1. |

Output

The output contains the following populated JSON schema if you do not specify any endpoint ID for the  'Get ANC Endpoint' operation:
{
     "SearchResult": {
         "resources": [
             {
                 "link": {
                     "type": "",
                     "rel": "",
                     "href": ""
                 },
                 "id": ""
             }
         ],
         "total": ""
     }
}

The output contains the following populated JSON schema if you have specified an endpoint ID for the 'Get ANC Endpoint' operation:
{
     "ErsAncEndpoint": {
         "link": {
             "type": "",
             "rel": "",
             "href": ""
         },
         "policyName": "",
         "id": "",
         "macAddress": ""
     }
}

operation: Create ANC Policy

Input parameters

| Parameter | Description |
|---|---|
| ANC Policy Name | Name of the policy that you want to create on Cisco ISE. |
| Action | Type of actions to be applied to the ANC policy that you want to create on Cisco ISE. You can choose from the following options: Quarantine, Portbounce, or Shutdown. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: Get ANC Policy

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Get Policy By | Choose the method using which you want to retrieve ANC Policies from Cisco ISE. You can choose between Policy ID or Policy Name. If you choose 'Policy ID', then you must specify the Policy ID parameter: ID of the ANC policy whose details you want to retrieve from Cisco ISE. If you choose 'Policy Name', then you must specify the Policy Name parameter: Name of the ANC policy whose details you want to retrieve from Cisco ISE. |
| Size | Number of results that the operation should include per page. The search result is by default paged to 20 resources per page. |
| Page | Page number from which you want to retrieve results. Page numbering starts at page 1. |

Output

The output contains the following populated JSON schema if you do not specify any policy name or ID for the  'Get ANC Policy' operation:
{
     "SearchResult": {
         "resources": [
             {
                 "link": {
                     "type": "",
                     "rel": "",
                     "href": ""
                 },
                 "id": "",
                 "name": ""
             }
         ],
         "total": ""
     }
}

The output contains the following populated JSON schema if you have specified a policy name or ID for the 'Get ANC Policy' operation:
{
     "ErsAncPolicy": {
         "link": {
             "type": "",
             "rel": "",
             "href": ""
         },
         "actions": [],
         "id": "",
         "name": ""
     }
}

operation: Assign ANC Policy

Input parameters

| Parameter | Description |
|---|---|
| ANC Policy Name | Name of the ANC policy that you want to apply to a specific MAC or IP address on Cisco ISE. |
| Apply To | Choose whether you want to apply the specific ANC policy to a MAC Address or an IP address. If you choose 'IP Address', then you must specify the IP Address parameter: IP Address on which you want to apply the specified policy. If you choose 'MAC Address', then you must specify the MAC Address parameter: MAC Address on which you want to apply the specified policy. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

operation: Revoke ANC Policy

Input parameters

| Parameter | Description |
|---|---|
| ANC Policy Name | Name of the ANC policy that you want to revoke from a specific MAC or IP address on Cisco ISE. |
| Revoke From | Choose whether you want to revoke the specific ANC policy from a MAC Address or an IP address. If you choose 'IP Address', then you must specify the IP Address parameter: IP Address from which you want to revoke the specified policy. If you choose 'MAC Address', then you must specify the MAC Address parameter: MAC Address from which you want to revoke the specified policy. |

Output

The output contains the following populated JSON schema:
{
     "request_status": "",
     "result": {}
}

Included playbooks

The Sample - Cisco ISE - 2.0.0 playbook collection comes bundled with the Cisco ISE connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Cisco ISE connector.

  • Assign ANC Policy
  • Create ANC Policy
  • End a Target MAC Address Session
  • EPS: Quarantine IP Address 
  • EPS: Quarantine MAC Address
  • EPS: Un-Quarantine IP Address 
  • EPS: Un-Quarantine MAC Address 
  • Get ANC Endpoint
  • Get ANC Policy
  • Get Endpoints
  • List All Active Sessions
  • MAC Address Logout
  • Revoke ANC Policy

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and deletion.

 
