Been looking at how to create custom fingerprints.
My initial one was to generate a "UoY Amazon Echo" fingerprint as the supplied one didn't have the MAC OUI of the Echo we bought.
What I did was create the following and uploaded it to the MP.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Tue Jul 24 12:38:04 BST 2018" version="6.7"/>
<!--
Date: 27/07/18
Name: Amazon-echo-fingerprint.xml
Function: Create a locally defined fingerprint category="Home Audio/Video Equipment" family="Amazon" name="UoY Amazon Echo". Take the standard ClearPass definition and add the OUI of the device on my desk to the list of known ones.
-->
<DeviceFingerprints>
<DeviceFingerprint category="Home Audio/Video Equipment" family="Amazon" name="UoY Amazon Echo">
<FingerprintRules>
<FingerprintRule match-conditions="ALL">
<RuleCondition name="mac_vendor" operator="contains" value="Amazon"/>
<RuleCondition name="device.family" operator="contains" value="Android"/>
<!-- OUI prefixes for the default ClearPass Amazon Echo fingerprint and addition of the one on my desk -->
<RuleCondition name="mac" operator="contains" >
<valueList>[34d270 40b4cd fca667 4cefc0 8871e5]</valueList>
</RuleCondition>
<RuleCondition name="dhcp.option60" operator="contains" >
<valueList>["dhcpcd-5.5.6"]</valueList>
</RuleCondition>
<RuleCondition name="dhcp.option55" operator="contains" >
<valueList>["1,33,3,6,15,28,51,58,59"]</valueList>
</RuleCondition>
<RuleCondition name="dhcp.options" operator="contains" >
<valueList>["53,50,57,60,12,55"]</valueList>
</RuleCondition>
</FingerprintRule>
</FingerprintRules>
</DeviceFingerprint>
</DeviceFingerprints>
</TipsContents>
In the ClearPass profiling doc the example to add a rule is:
RULES API:
1. API to ADD Rules:
Given an unknown endpoint, this API will automatically create rules by ANDing rule attributes from endpoint mac_vendor, hostname and fingerprints (ex:
"dhcp.option60", "snmp.sys_descr", "host.user_agent", "host.os_type", "nmap.device",
). Rules created using API will have ids starting from
Method: POST
URL: /async_netd/deviceprofiler/rules
Values:
{
mac:
rule_fields: [..]
}
Where rule_fields = mac_vendor, hostname, dhcp.option55, dhcp.options, dhcp.option60, snmp.sys_descr, host.user_agent etc...
Example:
CMD:
curl -X POST -u apiadmin:password https://<CPPM IP>/async_netd/deviceprofiler/rules -H "Content-Type: application/json" -k -d \
'{"mac" : "6cadf8112341",
"rule_fields": ["mac_vendor", "dhcp.option55"] }'
Output: 100000 [New rule ID]
What JSON format do I have to use to implement the
<RuleCondition name="mac" operator="contains" >
<valueList>[34d270 40b4cd fca667 4cefc0 8871e5]</valueList>
</RuleCondition>
in my import XML file?
Rgds
Alex
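
A pre-upload check for an import file like the one in the post, as an added example that is not part of the original post or of any ClearPass tooling: it confirms the XML is well-formed and that every value in a `mac` condition is a six-hex-digit OUI. The function names, the embedded sample (a trimmed copy of the post's file with one OUI deliberately shortened) and the six-hex-digit rule are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://www.avendasys.com/tipsapiDefs/1.0"}  # namespace used by the post's file
OUI = re.compile(r"[0-9a-fA-F]{6}")

# Constructed sample: trimmed from the post, with "fca667" shortened to "fca66" on purpose.
SAMPLE = """<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<DeviceFingerprints>
<DeviceFingerprint category="Home Audio/Video Equipment" family="Amazon" name="UoY Amazon Echo">
<FingerprintRules><FingerprintRule match-conditions="ALL">
<RuleCondition name="mac_vendor" operator="contains" value="Amazon"/>
<RuleCondition name="mac" operator="contains"><valueList>[34d270 40b4cd fca66 4cefc0 8871e5]</valueList></RuleCondition>
<RuleCondition name="dhcp.option60" operator="contains"><valueList>["dhcpcd-5.5.6"]</valueList></RuleCondition>
</FingerprintRule></FingerprintRules>
</DeviceFingerprint></DeviceFingerprints>
</TipsContents>"""

def values(cond):
    """Values of a RuleCondition: its value attribute, or its valueList tokens."""
    if cond.get("value") is not None:
        return [cond.get("value")]
    text = (cond.findtext("t:valueList", "", NS) or "").strip().strip("[]")
    return re.findall(r'"([^"]*)"', text) or text.split()

def lint(xml_text):
    """Return a list of problems found in a fingerprint import file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. comment delimiters mangled by a word processor
        return [f"not well-formed XML: {exc}"]
    problems = []
    for fp in root.iterfind(".//t:DeviceFingerprint", NS):
        name = fp.get("name", "<unnamed>")
        for attr in ("category", "family", "name"):
            if not fp.get(attr):
                problems.append(f"{name}: missing {attr} attribute")
        for cond in fp.iterfind(".//t:RuleCondition", NS):
            vals = values(cond)
            if not vals:
                problems.append(f"{name}: condition {cond.get('name')} has no value")
            if cond.get("name") == "mac":
                # Assumption: mac values are 6-hex-digit OUI prefixes, as in the post.
                problems += [f"{name}: bad OUI {v!r}" for v in vals if not OUI.fullmatch(v)]
    return problems

if __name__ == "__main__":
    print(lint(SAMPLE))
```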