Occasional Contributor I

CoA quarantine profile for X time

Hi,

I have a SIEM which sends a trigger when a virus is detected. The SIEM makes an API call to ClearPass to reauthorize the session.

reauthorize_session(sess, bearer, "CoA-Aruba-Role-Quarantined")

Now I need to define a CoA profile which terminates and quarantines the device for X time.

What profile do I need?

Guru Elite

Re: CoA profile for X time

That would ultimately require you to send another CoA to change the user role back.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
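
An added example, not part of the original posts and not Aruba's code: one way the SIEM-side script could apply the quarantine and later send the second CoA that changes the role back. `latest_session` and `reauthorize` are hypothetical callables standing in for the ClearPass API calls, and the restore profile name is a placeholder.

```python
import heapq
import time

QUARANTINE_PROFILE = "CoA-Aruba-Role-Quarantined"  # profile name used in the thread
RESTORE_PROFILE = "CoA-Restore-Original-Role"      # hypothetical placeholder name


class TimedQuarantine:
    """Send the quarantine CoA now and the restoring CoA after hold_seconds."""

    def __init__(self, latest_session, reauthorize, hold_seconds, retry_seconds=60,
                 clock=time.time):
        self.latest_session = latest_session  # hypothetical: mac -> newest session id or None
        self.reauthorize = reauthorize        # hypothetical: (session_id, profile) -> bool
        self.hold, self.retry, self.clock = hold_seconds, retry_seconds, clock
        self.queue = []    # min-heap of (due, mac)
        self.active = {}   # mac -> due time currently in force

    def quarantine(self, mac):
        session = self.latest_session(mac)
        if session is None or not self.reauthorize(session, QUARANTINE_PROFILE):
            return False
        # A repeat detection extends the hold; the older heap entry becomes stale.
        due = self.clock() + self.hold
        self.active[mac] = due
        heapq.heappush(self.queue, (due, mac))
        return True

    def release_due(self):
        """Call periodically; returns the MACs whose role was changed back."""
        released, now = [], self.clock()
        while self.queue and self.queue[0][0] <= now:
            due, mac = heapq.heappop(self.queue)
            if self.active.get(mac) != due:
                continue  # superseded by a later quarantine of the same device
            # Look the session up again: the device may have re-authenticated
            # since it was quarantined, and the CoA must target the newest session.
            session = self.latest_session(mac)
            if session is not None and self.reauthorize(session, RESTORE_PROFILE):
                del self.active[mac]
                released.append(mac)
            else:
                # Keep the device tracked and retry later rather than leaving it quarantined.
                retry_at = now + self.retry
                self.active[mac] = retry_at
                heapq.heappush(self.queue, (retry_at, mac))
        return released
```
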
Occasional Contributor I

Re: CoA profile for X time

Can I use the "Aruba-Change-User-Role" for that? And which role do I have to give it? Can you explain some more how to do that?

Guru Elite

Re: CoA profile for X time

Yes, you’d do the exact same thing you did for the first call. The role would be whatever you want to assign.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Occasional Contributor I

Re: CoA profile for X time

When I try to change the role, it says

Session-Context-Not-Found

screen.PNG

Guru Elite

Re: CoA profile for X time

Are you using the most recent authentication event?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Occasional Contributor I

Re: CoA profile for X time

Yes, it's a test set-up, so only one host is connected to ClearPass and IAP.

But action 2 says invalid request.

screen2.PNG

Guru Elite

Re: CoA profile for X time

Does that role exist?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

Occasional Contributor I

Re: CoA profile for X time

Yes

screen3.PNG

Guru Elite

Re: CoA profile for X time

That’s a ClearPass role. Does the role exist on the IAP/controller?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
