Security Group Query

Verification

This test verifies that the third-party system can retrieve all Security Group Tags in ISE.

Definition

The security group query script exposes the security group tags (SGTs) configured in ISE through the TrustSecMetadata capability topic. It provides a query method to retrieve all the SGTs configured in ISE based on a unique id, security group tag value and description.

Example

In this example, the security group query script downloads the contextual information for all TrustSec Security Groups from ISE. This includes the TrustSec tag name, unique identifier, description, and value.

For a direct query on security group tags, run the securitygroup_query script:

./securitygroup_query.sh -a 10.0.0.37 -u mac -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123

Results: The output of the script is shown below.

Security Group Query

------- properties -------

version=1.0.2-30-SNAPSHOT

hostnames=10.0.0.37

username=mac

group=Session

description=null

keystoreFilename=alpha.jks

keystorePassword=cisco123

truststoreFilename=alpha_root.jks

truststorePassword=cisco123

--------------------------

11:53:11.474 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started

Connecting...

Connected

11:53:12.897 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected

SecurityGroup : id=65fddc70-2a34-11e5-82cb-005056bf2f0a, name=Unknown, desc=Unknown Security Group, tag=0

SecurityGroup : id=660aadb0-2a34-11e5-82cb-005056bf2f0a, name=ANY, desc=Any Security Group, tag=65535

SecurityGroup : id=669e6230-2a34-11e5-82cb-005056bf2f0a, name=SGT_Auditor, desc=Auditor Security Group, tag=9

SecurityGroup : id=66bdd110-2a34-11e5-82cb-005056bf2f0a, name=SGT_BYOD, desc=BYOD Security Group, tag=15

SecurityGroup : id=66dd3ff0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Contractor, desc=Contractor Security Group, tag=5

SecurityGroup : id=66fcd5e0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Developer, desc=Developer Security Group, tag=8

SecurityGroup : id=671a21e0-2a34-11e5-82cb-005056bf2f0a, name=SGT_DevelopmentServers, desc=Development Servers Security Group, tag=12

SecurityGroup : id=673c9e00-2a34-11e5-82cb-005056bf2f0a, name=SGT_Employee, desc=Employee Security Group, tag=4

SecurityGroup : id=6759ea00-2a34-11e5-82cb-005056bf2f0a, name=SGT_Guest, desc=Guest Security Group, tag=6

SecurityGroup : id=6775d670-2a34-11e5-82cb-005056bf2f0a, name=SGT_NetworkServices, desc=Network Services Security Group, tag=3

SecurityGroup : id=67959370-2a34-11e5-82cb-005056bf2f0a, name=SGT_PCIServers, desc=PCI Servers Security Group, tag=14

SecurityGroup : id=67b3a2c0-2a34-11e5-82cb-005056bf2f0a, name=SGT_PointOfSale, desc=PointOfSale Security Group, tag=10

SecurityGroup : id=67d50d70-2a34-11e5-82cb-005056bf2f0a, name=SGT_ProductionServers, desc=Production Servers Security Group, tag=11

SecurityGroup : id=67f16f10-2a34-11e5-82cb-005056bf2f0a, name=SGT_ProductionUser, desc=Production User Security Group, tag=7

SecurityGroup : id=680df7c0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Quarantine, desc=Quarantine Security Group, tag=255

SecurityGroup : id=682a5960-2a34-11e5-82cb-005056bf2f0a, name=SGT_TestServers, desc=Test Servers Security Group, tag=13

SecurityGroup : id=68461ec0-2a34-11e5-82cb-005056bf2f0a, name=SGT_TrustSecDevices, desc=TrustSec Devices Security Group, tag=2

Connection closed

11:53:13:235 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager- Stopped
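The following is an added example, not part of the pxGrid SDK or of this guide's scripts: it parses the SecurityGroup lines printed above, compares them with an expected name-to-tag list for the verification step, and redacts the keystorePassword and truststorePassword values that the properties banner echoes before the output is stored. The function names and the expected list are assumptions of the example; the sample lines are constructed from the output on this page.

```python
import re

# Constructed sample: a few lines taken from the output shown on this page.
SAMPLE_OUTPUT = """\
keystoreFilename=alpha.jks
keystorePassword=cisco123
truststoreFilename=alpha_root.jks
truststorePassword=cisco123
11:53:12.897 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected
SecurityGroup : id=65fddc70-2a34-11e5-82cb-005056bf2f0a, name=Unknown, desc=Unknown Security Group, tag=0
SecurityGroup : id=673c9e00-2a34-11e5-82cb-005056bf2f0a, name=SGT_Employee, desc=Employee Security Group, tag=4
SecurityGroup : id=680df7c0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Quarantine, desc=Quarantine Security Group, tag=255
Connection closed
"""

# desc is matched up to the final ", tag=<n>" so commas inside a description survive.
SG_LINE = re.compile(
    r"^SecurityGroup : id=(?P<id>[0-9a-f-]{36}), name=(?P<name>[^,]+), "
    r"desc=(?P<desc>.*), tag=(?P<tag>\d+)$"
)
SECRET_PROP = re.compile(r"^(\w*[Pp]assword)=.*$", re.MULTILINE)


def parse_security_groups(output):
    """Return {name: {"id", "desc", "tag"}} from the script's SecurityGroup lines."""
    groups = {}
    for line in output.splitlines():
        m = SG_LINE.match(line.strip())
        if not m:
            continue  # banner, log and connection lines
        name, tag = m["name"], int(m["tag"])
        if not 0 <= tag <= 65535:  # an SGT is a 16-bit value
            raise ValueError(f"tag out of range for {name}: {tag}")
        if name in groups:  # example's choice: fail instead of silently overwriting
            raise ValueError(f"duplicate security group name: {name}")
        groups[name] = {"id": m["id"], "desc": m["desc"], "tag": tag}
    return groups


def missing_groups(groups, expected):
    """Expected name -> tag pairs that are absent or carry a different tag."""
    return {n: t for n, t in expected.items() if groups.get(n, {}).get("tag") != t}


def redact_secrets(output):
    """Mask any '<something>Password=' property before the output is logged or shared."""
    return SECRET_PROP.sub(r"\1=<redacted>", output)
```
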