Security

Reply
Contributor I

Change Attribute of a specific Endpoints

Airheads,

 

i need your support!

For a show-case i need to change an Attribute for a specific device in the Endpoints Database without having the need to touch my notebook.

 

The show-case:

 

Endpoint get quarantined at threat detection based on syslogparsing of paloalto networks firewall. At the same time the endpoint receives the additional attribute Threat Status with value unresolved.

The Attributes value should remain unresolved until i trigger a change (so no timer or change based on reconnection).

 

I can trigger the change by sending an api request(PATCH) to http://demo-ClearPass/endpoint/mac-address/{enpoint-mac} but i would like to do it without the use of the notebook.

 

My idea:

Use an amazon dash button which gets authenticated by MAC-address. This authentication should enforce a Content Server Action on localhost(ClearPass) which either sets the Attribute value to resolved or deletes it by sending value "".

 

Unfortunatley i do not get the Context Server Action to work. I do not see any errors altough i have to admit i do not know where if there is a log for them for there execution.

 

Thanks in advance

Kevin

 

 

 

 

Highlighted
Guru Elite

Re: Change Attribute of a specific Endpoints

https://github.com/aruba/clearpass-examples-only/tree/master/atm18/disconnect-compromised-device

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Change Attribute of a specific Endpoints

Thanks Tim,

 

does that mean you see no way to do it with a context server action? I've never worked with python so far.

The clearpass is not accessible from the internet, so i expected i need a local resource to execute the phyton script, correct?

 

Thanks in advance

Kevin

 

 

Guru Elite

Re: Change Attribute of a specific Endpoints

Context servers are outbound actions. You're trying to modify ClearPass entities.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: