Security

Hello community,

I'm playing around with ClearPass API Explorer, and what I'm trying to do is to get a list of endpoints in my endpoint repository, and filter the result using endpoint attributes. The sample data for an endpoint looks like this:

"_embedded": {
    "items": [
      {
        "id": 3004,
        "mac_address": "f822934bb108",
        "status": "Known",
        "attributes": {
          "Owner": "user1@example.com",
          "social_vip": "",
          "Device IMEI": "01 374800 460669 4",
          "Device Name": "iOS",
          "Device Type": "iOS",
          "Device UDID": "50e082617c1c07c25dd12706b79be6a",
          "Product Name": "iPhone6,1",
          "social_roles": "[]",
          "social_groups": "[]",
          "social_userType": "Member",
          "social_username": "user1@example.com",
          "social_timestamp": "1512108128",
          "social_objectType": "User"
    }
  ]
}

I can filter the result based on an endpoint's MAC address by specifying this syntax in the filter box:

{"mac_address": "<mac address>"}

But when I tried to filter based on associated attributes of an endpoint using this syntax:

{"attributes": {"social_username": "user1@example.com"}}

it failed, and the API Explorer responded with code 422 which said invalid filter expression. So I know my filter syntax for endpoint attributes was not correct, but how should I configure it then?

Thank you,

Thanks Tim for your quick reply. I'll try a different solution then.

For me, fetching half a million endpoint records and filtering afterwards is not an option. Filtering on attributes is a really basic and important feature. I hope this implementaiton will find it's way into a future version of the API.

Also, @Zaffiro what alternate solution did you come up with?

Hi Mart,

Previously I had a requirement  to get a list of endpoints belong to a certain user. My first thought was to filter based on the social_username attribute associated with an endpoint. But as you can see it failed. So my alternate solution back then was to get all the user certificates based on subject_common_name attribute, and extract the mac addresses embedded inside those certs.

But I believe starting from version 6.7.0, ClearPass API has support for endpoint attributes filtering. I tried {"social_username": "user1@example.com"} and it worked (notice there's no "attributes" keyword in the filter syntax). I think you should try again and see if it works for your case.

Regards,

I understand that filtering on specific attributes is not supported, but is it possible to filter if an Endpoint holds any attributes at all?

I tried several filter expressions, amongst them : 

{"attributes":{"$exists":true}}

without success.

---

@cappalli wrote:
You cannot filter on attributes today.

---

When is that support ecpected?

This was added in CPPM 6.7.2