Do you have an IntroSpect AN setup? I can help you with the config if you have an immediate requirement. The TechNote is Work In Progress and should be available soon.
The logic is simple
1. ClearPass posts user/device context to IntroSpect using Endpoint Context server actions leveraging the APIs on IntroSpect.
2. IntroSpect can Quarantine a risky user on the network leveraging the APIs on the ClearPass