Security

Airheads,

i need your support!

For a show-case i need to change an Attribute for a specific device in the Endpoints Database without having the need to touch my notebook.

The show-case:

Endpoint get quarantined at threat detection based on syslogparsing of paloalto networks firewall. At the same time the endpoint receives the additional attribute Threat Status with value unresolved.

The Attributes value should remain unresolved until i trigger a change (so no timer or change based on reconnection).

I can trigger the change by sending an api request(PATCH) to http://demo-ClearPass/endpoint/mac-address/{enpoint-mac} but i would like to do it without the use of the notebook.

My idea:

Use an amazon dash button which gets authenticated by MAC-address. This authentication should enforce a Content Server Action on localhost(ClearPass) which either sets the Attribute value to resolved or deletes it by sending value "".

Unfortunatley i do not get the Context Server Action to work. I do not see any errors altough i have to admit i do not know where if there is a log for them for there execution.

Thanks in advance

Kevin

Thanks Tim,

does that mean you see no way to do it with a context server action? I've never worked with python so far.

The clearpass is not accessible from the internet, so i expected i need a local resource to execute the phyton script, correct?

Thanks in advance

Kevin