Solved: Cisco ISE with python

RichardAcolatse8417 · ‎04-29-2021

I got an error while try to run the python script in the attachment . Can anyone help me solve this error in the attachment ?

Mike.Cifelli · ‎04-29-2021

My recommendation is always to start small, then slowly build from there. A tool I always recommend to other engineers to utilize when getting a feel for APIs in general is curl. Curl will let you quickly attempt to consume APIs and has helped me in the past for many reasons. Quick example:

1: GET endpoint ID by filter on MAC:

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user>:<pass> --request GET https://ise pan ip:9060/ers/config/endpoint?filter=mac.EQ.54:XX:XX:35:AD

Additional curl info: curl - Unix, Linux Command - Tutorialspoint

Brief overview of ISE Rest API filters:

--Cisco ISE REST API filters--
EQ: Equals
NEQ: Not Equals
GT: Greater Than
LT: Less Then
STARTW: Starts With
NSTARTSW: Not Starts With
ENDSW: Ends With
NENDSW: Not Ends With
CONTAINS: Contains
NCONTAINS: Not Contains

Quick python script example I have used in the past to view two different endpoint groups' members (MACs) & print to screen + CSV file. Maybe it will help shed some tshooting light:

#!/usr/bin/python
import json
import requests
import warnings
import sys
import csv

#ignore invalid cert warnings
warnings.filterwarnings("ignore")

groupID = ("")
temp = ("")
temp1 = ("")
temp2 = ("")

USR_CHOICE = raw_input ("Do you want to see MACs in Hard Quarantine (1) or Soft Quarantine group(2)? ")
while USR_CHOICE not in ('1','2'):
    print "************************************"
    print "Error! You must enter 1 (Hard) or 2 (Soft)"
    print "************************************"
    sys.exit()
if USR_CHOICE == '1':
    groupID = '4bfdafa0-XXXXX-123340ab3cd6'
    temp = 'Hard Q'
else:
    groupID = 'aa000c30XXXXXX5400b48521'
    temp = 'Soft Q'

API_DEVICE = "https://ISE_PAN_IP:9060/ers/config/endpoint?filter=groupId.EQ." + groupID + "&size=100"
API_ERS_USER = "USER","PASS"
HEADERS = {
        'Accept': "application/json",
        'Content-Type': "application/json",
}

r = requests.get(url=API_DEVICE, auth=API_ERS_USER, headers=HEADERS, verify=True)

#print r.text
data = r.text

endPoints = json.loads(data)
print "Total Number of Endpoints in " + temp + " Group:",endPoints['SearchResult']['total']
print "---------------------------------------"

f = open ('Grp_Macs.csv','w')
w = csv.DictWriter(f, fieldnames = ['MAC Address','Description'])
w.writeheader()
f.close()

for MAC in endPoints ["SearchResult"]["resources"]:
    temp1 = MAC['name']
    with open ('Grp_Macs.csv','a') as csvfile:
        w = csv.writer(csvfile)
        try:
            temp2 = MAC['description']
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:", temp2
        except KeyError:
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:"""
            continue
with open ('Grp_Macs.csv','a') as csvfile:
    w = csv.writer(csvfile)
    TOTAL = endPoints['SearchResult']['total']
    w.writerow(['Total Endpoints:', TOTAL])

sys.exit()

View solution in original post

Mike.Cifelli · ‎04-29-2021

can i use to create internal users on cisco ISE with python scripts as well on windows 10 OS .

-Yes. I would recommend youtube & take a look at this: Python on Windows 10 for beginners | Microsoft Docs

how did you access the online ISE SDK on your computer ?

-Open browser, navigate to: https://<YOUR ISE PAN IP ADDRESS>:9060/ers/sdk#

View solution in original post

Mike.Cifelli · ‎04-30-2021

I typically use a linux host, but try taking a look here: How To Use cURL On Windows 10 (addictivetips.com)

View solution in original post

balaji.bandi · ‎04-29-2021

Mostly the connection issue, since we are not sure what is that lines of errors so hard to say, can you attached python script

also give us what ISE version, did you enable REST API ? what are you trying to achieve with these scripts.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

RichardAcolatse8417 · ‎04-29-2021

this is the ISE version I am using 2.7.0.356 . Yes I did enable REST API and this python scripts which am i am using .for ISE I want to also know how you implement it from a windows 10 computer . I am trying to create Internal users with the python scripts as well . I want to how to connect python scripts to Cisco ISE through VPN as well .

Mike.Cifelli · ‎04-29-2021

My recommendation is always to start small, then slowly build from there. A tool I always recommend to other engineers to utilize when getting a feel for APIs in general is curl. Curl will let you quickly attempt to consume APIs and has helped me in the past for many reasons. Quick example:

1: GET endpoint ID by filter on MAC:

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user>:<pass> --request GET https://ise pan ip:9060/ers/config/endpoint?filter=mac.EQ.54:XX:XX:35:AD

Additional curl info: curl - Unix, Linux Command - Tutorialspoint

Brief overview of ISE Rest API filters:

--Cisco ISE REST API filters--
EQ: Equals
NEQ: Not Equals
GT: Greater Than
LT: Less Then
STARTW: Starts With
NSTARTSW: Not Starts With
ENDSW: Ends With
NENDSW: Not Ends With
CONTAINS: Contains
NCONTAINS: Not Contains

Quick python script example I have used in the past to view two different endpoint groups' members (MACs) & print to screen + CSV file. Maybe it will help shed some tshooting light:

#!/usr/bin/python
import json
import requests
import warnings
import sys
import csv

#ignore invalid cert warnings
warnings.filterwarnings("ignore")

groupID = ("")
temp = ("")
temp1 = ("")
temp2 = ("")

USR_CHOICE = raw_input ("Do you want to see MACs in Hard Quarantine (1) or Soft Quarantine group(2)? ")
while USR_CHOICE not in ('1','2'):
    print "************************************"
    print "Error! You must enter 1 (Hard) or 2 (Soft)"
    print "************************************"
    sys.exit()
if USR_CHOICE == '1':
    groupID = '4bfdafa0-XXXXX-123340ab3cd6'
    temp = 'Hard Q'
else:
    groupID = 'aa000c30XXXXXX5400b48521'
    temp = 'Soft Q'

API_DEVICE = "https://ISE_PAN_IP:9060/ers/config/endpoint?filter=groupId.EQ." + groupID + "&size=100"
API_ERS_USER = "USER","PASS"
HEADERS = {
        'Accept': "application/json",
        'Content-Type': "application/json",
}

r = requests.get(url=API_DEVICE, auth=API_ERS_USER, headers=HEADERS, verify=True)

#print r.text
data = r.text

endPoints = json.loads(data)
print "Total Number of Endpoints in " + temp + " Group:",endPoints['SearchResult']['total']
print "---------------------------------------"

f = open ('Grp_Macs.csv','w')
w = csv.DictWriter(f, fieldnames = ['MAC Address','Description'])
w.writeheader()
f.close()

for MAC in endPoints ["SearchResult"]["resources"]:
    temp1 = MAC['name']
    with open ('Grp_Macs.csv','a') as csvfile:
        w = csv.writer(csvfile)
        try:
            temp2 = MAC['description']
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:", temp2
        except KeyError:
            w.writerow([temp1, temp2])
            print "MAC Address:", temp1, "||", "Description:"""
            continue
with open ('Grp_Macs.csv','a') as csvfile:
    w = csv.writer(csvfile)
    TOTAL = endPoints['SearchResult']['total']
    w.writerow(['Total Endpoints:', TOTAL])

sys.exit()

RichardAcolatse8417 · ‎04-29-2021

Thank you for assistance . can i use to create internal users on cisco ISE with python scripts as well on windows 10 OS . how did you access the online ISE SDK on your computer ?

ggmeza1983 · ‎11-19-2021

Hi, how are you? I hope you´re well.

Have you got any quick example: how can i export full endpoint database from a script in python, curl or postman? And how can i schedule dialy to make a report. I know there are some options: from gui, export full database, from cli.

Thanks in advance.

Mike.Cifelli · ‎04-29-2021

can i use to create internal users on cisco ISE with python scripts as well on windows 10 OS .

-Yes. I would recommend youtube & take a look at this: Python on Windows 10 for beginners | Microsoft Docs

how did you access the online ISE SDK on your computer ?

-Open browser, navigate to: https://<YOUR ISE PAN IP ADDRESS>:9060/ers/sdk#

RichardAcolatse8417 · ‎04-29-2021

Thank you . can I access cisco ISE on VPN from a remote locate with a python scripts ?

RichardAcolatse8417 · ‎04-29-2021

Can I use curl on windows 10 pc ?

Mike.Cifelli · ‎04-30-2021

I typically use a linux host, but try taking a look here: How To Use cURL On Windows 10 (addictivetips.com)

RichardAcolatse8417 · ‎04-30-2021

Thank you for your assistance . I started write this python program for creating internal user on cisco ISE and I find it difficult to execute it . can you help me out with the problem ?