ciscocxsecurity / 20210406-ise-rest-apis-webinar

This project forked from 1homas/20210406-ise-rest-apis-webinar

Demo outline and code example from my ISE REST API webinar on 20210406 with additional examples for curl and Python not covered in the webinar.

License: Other

Python 100.00%

20210406 ISE REST APIs Webinar

cURL

GET/Read resources

# curl has many options!
curl --help

--head             # headers only
--silent           # disable progress meter/bar
--output <file>    # Write output to <file> instead of stdout
--styled-output    # Enables the automatic use of bold font styles when writing HTTP headers
--verbose          # Makes curl verbose during the operation
# basic HTTP GET request
curl http://ise.securitydemo.net
# Include the HTTP response headers in the output
# Follow redirects
# Allow insecure connections
curl --include --location --insecure http://ise.securitydemo.net
# HTTP Basic Authentication is required; this request sends no Accept header => 415 Unsupported Media Type
curl \
--include \
--location \
--insecure \
--user admin:C1sco12345 \
https://ise.securitydemo.net:9060/ers/config/endpointgroup
# HTTP Basic Authentication | XML default response
curl \
--include \
--insecure \
--location \
--user admin:C1sco12345 \
--header 'Accept: application/xml' \
https://ise.securitydemo.net:9060/ers/config/endpointgroup
# remove `--include --location`
# for pretty printing, use a linter (a static code analysis tool for syntax) such as xmllint
# use `--silent` to remove the progress bar
curl \
--silent \
--insecure \
--user admin:C1sco12345 \
--header 'Accept: application/xml' \
https://ise.securitydemo.net:9060/ers/config/endpointgroup \
| xmllint --pretty 1 -
# remove --include; # change to JSON
curl \
--silent \
--insecure \
--user admin:C1sco12345 \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/endpointgroup
# use `jq` for syntax highlighting
curl \
--silent \
--insecure \
--user admin:C1sco12345 \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/endpointgroup \
| jq
# use environment variables
curl \
--silent \
--insecure \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/endpointgroup \
| jq
# GET hotspotportal (only 1) and look at the detail
curl \
--silent \
--insecure \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/hotspotportal \
| jq
# GET profilerprofile (>600)
curl \
--silent \
--insecure \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/profilerprofile \
| jq

# GET the end of the profilerprofile list
curl \
--silent \
--insecure \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
"https://ise.securitydemo.net:9060/ers/config/profilerprofile?size=100&page=7" \
| jq

POST/Create a new endpoint

# find endpointgroup
# (no `--include` here: response headers in the output would break the JSON parsing in jq)
curl \
--silent \
--insecure \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/endpointgroup \
| jq -c '.SearchResult.resources[]' \
| grep Meraki -

# Create a new endpoint
curl \
--include \
--insecure \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/endpoint \
--data '
{
  "ERSEndPoint" : {
    "name" : "New Endpoint",
    "description" : "My Endpoint",
    "mac" : "FE:ED:DA:DD:BE:EF",
    "staticGroupAssignment" : true,
    "groupId" : "1e2700a0-8c00-11e6-996c-525400b48521"
  }
}'

# Response Header :
# HTTP/1.1 201 
# Location: https://ise.securitydemo.net:9060/ers/config/endpoint/0bd811b0-892f-11eb-b0e1-b2ca5a4c3815
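
The `201` response above carries the new endpoint's id as the last path segment of its `Location` header, and requests such as the DELETE further down address the resource as `/endpoint/{id}`. The following is an added example, not part of the original README: a POSIX shell helper that extracts that id from `curl --include` output. The names `ers_created_id` and `sample_response` are assumptions of this example, and the sample response is constructed from the header values shown above.

```shell
#!/bin/sh
# Added example, not from the original README. ers_created_id is a
# hypothetical helper name.
# Reads `curl --include` output on stdin and prints the id of the resource
# ISE created. Exit status: 0 = id printed, 1 = no Location header,
# 2 = status was not 201 (e.g. 401 bad credentials, 400 bad payload).
ers_created_id() {
  tr -d '\r' | awk '
    # tr has already removed the CR of each CRLF header line
    NR == 1 {
      if ($2 != "201") { rc = 2; exit }   # status line, e.g. HTTP/1.1 201
      next
    }
    /^$/ { exit }                         # blank line: end of headers
    tolower($1) == "location:" {          # header names are case-insensitive
      n = split($2, part, "/")            # the id is the last path segment
      id = part[n]
      exit
    }
    END {
      if (rc) exit rc
      if (id == "") exit 1
      print id
    }
  '
}

# Constructed sample: status line and Location value as shown in the README.
sample_response() {
  printf 'HTTP/1.1 201 \r\n'
  printf 'Location: https://ise.securitydemo.net:9060/ers/config/endpoint/0bd811b0-892f-11eb-b0e1-b2ca5a4c3815\r\n'
  printf 'Content-Length: 0\r\n\r\n'
}

id=$(sample_response | ers_created_id) && echo "created endpoint id: $id"
```

Against a live node, pipe the POST command's `--include` output into `ers_created_id` and reuse the printed id in the follow-up request URL.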

Create a new endpoint with custom attributes

curl \
--include \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
https://ise.securitydemo.net:9060/ers/config/endpoint \
--data @ac17c80c17a2.json

Contents of ac17c80c17a2.json:
{
  "ERSEndPoint" : {
    "name" : "ac:17:c8:0c:17:a2",
    "description" : "camera",
    "mac" : "ac:17:c8:0c:17:a2",
    "groupId" : "1e2700a0-8c00-11e6-996c-525400b48521",
    "staticGroupAssignment" : true,
    "customAttributes" : {
      "customAttributes" : {
        "Authorization" : "surveillance",
        "Owner" : "cameron",
        "Department" : "Security",
        "Device" : "Camera",
        "SerialNumber" : "",
        "Expiration" : "1617493934",
        "Manufacturer" : "Meraki",
        "Model" : "MV12W",
        "Software" : "",
        "Created" : "1616889109"
      }
    }
  }
}

Use POST to create a user

curl \
--include \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type:application/json' \
--header 'Accept: application/json' \
https://$ise_pan:9060/ers/config/internaluser \
--data '
{
    "InternalUser" : {
        "name" : "rigo",
        "password" : "C1sco12345",
        "changePassword" : false
    }
}'

Use POST to create a user from a file

curl \
--include \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type:application/json' \
--header 'Accept: application/json' \
https://$ise_pan:9060/ers/config/internaluser \
--data @data/internaluser.json

Create a Guest user

⚠ Requires guestapi user!

curl \
--include \
--user "$guestapi_username:$guestapi_password" \
--header 'Content-Type:application/json' \
--header 'Accept: application/json' \
https://$ise_pan:9060/ers/config/guestuser \
--data '
{
    "GuestUser": {
        "guestType": "Daily (default)",
        "portalId" : "bd48c1a1-9477-4746-8e40-e43d20c9f429",
        "guestInfo": {
            "enabled": "true",
            "userName": "rigo",
            "password": "C1sco12345"
        },
        "guestAccessInfo": {
            "validDays": 1,
            "fromDate": "03/27/2021 17:40",
            "toDate": "03/28/2021 17:40",
            "location": "San Jose"
        }
    }
}'

PUT/Update an endpoint

curl \
--include \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request PUT https://ise.securitydemo.net:9060/ers/config/endpoint \
--data '
{
  "ERSEndPoint" : {
    "name" : "New Endpoint",
    "description" : "My Endpoint",
    "mac" : "DE:AD:BE:EF:CA:FE",
    "staticGroupAssignment" : true,
    "groupId" : "1e2700a0-8c00-11e6-996c-525400b48521"
  }
}'

# Response Header
# HTTP/1.1 200 

Delete an Endpoint

curl \
--include \
--user "$ise_rest_username:$ise_rest_password" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request DELETE https://ise.securitydemo.net:9060/ers/config/endpoint/1b3884b0-8906-11eb-b0e1-b2ca5a4c3815

Other uses of cURL

HTTPS Probe for Guest Portal(s)

ISE 2.7+ portal responds with HTTP/1.1 200 instead of HTTP/1.1 200 OK!

curl --include 'https://ise.securitydemo.net:8443/portal/PortalSetup.action?portal=2c78bb61-1644-416a-a44d-c10b48b9ee47'

Postman

GUI Overview

  • New Workspace
  • Workspace Name : give your workspace a name
  • Collections : your requests for an API
  • APIs : Collections & environments with schemas
  • Environments : sets of variables for use in context with requests:
    • Global
    • Environment
    • Collection
    • Local

Create a GET Request from a curl Request

  1. New Collection
  2. New Request:
    1. GET endpointgroup: https://ise.securitydemo.net:9060/ers/config/endpointgroup
      1. Authorization:
        1. rest_username
        2. rest_password
    2. POST endpointgroup: https://ise.securitydemo.net:9060/ers/config/endpointgroup
      1. Content-Type: application/json
      2. Accept: application/json

ISE Postman Collections

  1. Review https://github.com/1homas/ise-postman-collections
  2. import into Postman
  3. list all resources and methods
  4. GET followed by GET/{id}
    1. Pre-Request
    2. Tests
  5. guestuser
    1. fail GET with admin
    2. change environment to dCloud-guestapi
      1. GET guestuser
      2. POST guestuser
      3. DELETE guestuser
  6. GET all networkdevices
    1. show size / page
    2. open Code Snippet for Python Requests

Python

Install specific Python version and activate virtual environment

pipenv install --python 3.7
pipenv shell
pipenv install requests

Set a RADIUS secondary shared secret on all network devices

#!/usr/bin/env python

import json
import os

import requests

# verify=False below skips TLS certificate validation (lab/demo use only),
# so silence the warning urllib3 would print on every request
requests.packages.urllib3.disable_warnings()

url = "https://ise.securitydemo.net:9060/ers/config/networkdevice"

# credentials come from the same environment variables as the curl examples,
# rather than a hard-coded Basic Authorization header and session cookie
auth = (os.environ["ise_rest_username"], os.environ["ise_rest_password"])
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
}

resources = []

# get all pages of resources
while url:
    response = requests.get(url, headers=headers, auth=auth, verify=False)
    response.raise_for_status()
    result = response.json()["SearchResult"]
    # add resources to list
    resources += result["resources"]
    # nextPage is absent on the last page, which ends the loop
    url = result.get("nextPage", {}).get("href")

# loop over resources (networkdevices) to update RADIUS configuration options
for resource in resources:
    # get resource details to update (no request body on the GET)
    url = "https://ise.securitydemo.net:9060/ers/config/networkdevice/" + resource["id"]
    response = requests.get(url, headers=headers, auth=auth, verify=False)

    # print networkdevice details
    networkdevice = response.json()
    print(networkdevice)
    print('-----')

    # PUT new RADIUS second shared secret
    networkdevice["NetworkDevice"]["authenticationSettings"]['enableMultiSecret'] = True
    networkdevice["NetworkDevice"]["authenticationSettings"]['secondRadiusSharedSecret'] = "MySecondSharedSecret"
    payload = json.dumps(networkdevice)
    response = requests.put(url, headers=headers, auth=auth, data=payload, verify=False)
    print(response.status_code)