Security

Hi guys,
Is there a way to use api to bounce a client?
So far i was able to successfully update endpoints with custom attributes with 3rd party variables.
Now I'm trying to bounce a client as part of a workflow of infected endpoint.

No

Did you happen to know if it's in the roadmap?

You can bounce a client with CoA via the ClearPass API, just not a clientside bounce from the OnGuard agent.

 

Is that agent bounce what you require, or will CoA work?

Well, i was looking for client bounce because i have a phone connected to
the port and a pc behind it.
CoA will bounce phone port not reflecting link flap onwards to the phone.
If I'll send a CoA message of disconnect rather then port bounce will my pc
going to renegotiate DHCP or will just reauthenticate?

Anyway, could you please reffer me to the API method for making CoA?

Thanks!

This should get you started:

https://community.arubanetworks.com/t5/Security/Using-REST-API-to-do-a-CoA/m-p/311308/highlight/true#M34449

Thanks A lot Herman.

I Could succesfully query and disconnect the endpoint that was alerting for malware.

When i"m done ill share my setup hope it could help others to build similar workflows.

 

The only thing that wasn't working for me is using the $conatins operator with the filter parameter. Lucky for me i could walkaround it.