Cisco pxGrid Complete API
Complete API specification for Cisco pxGrid Control, Session Directory, System Health, TrustSec Configuration, Endpoint, TrustSec SXP, RADIUS Failures, MDM Endpoints, Profiler Configuration, and ANC Configuration services.
This specification includes:
- Session Directory
- System Health
- TrustSec Configuration
- Endpoint
- TrustSec SXP
- RADIUS Failures
- MDM Endpoints
- Profiler Configuration
- ANC Configuration
The objects returned by the various services and details on which ISE versions may return certain attributes are defined below.
Session Directory
Session Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
adHostDomainName |
string | Active Directory host domain name | 2.3 |
adHostNetBiosName |
string | Active Directory host NetBIOS name | 2.3 |
adHostQualifiedName |
string | Active Directory host qualified name | 2.4p9 2.6p2 2.7 |
adHostResolvedDns |
string | Active Directory host resolved DNS | 2.3 |
adHostResolvedIdentities |
string | Active Directory host resolved identities | 2.3 |
adHostSamAccountName |
string | Active Directory host SAM account name | 2.4p9 2.6p2 2.7 |
adNormalizedUser |
string | Normalized Active Directory username | 2.3 |
adUserDomainName |
string | Active Directory user domain name | 2.3 |
adUserNetBiosName |
string | Active Directory user NetBIOS name | 2.3 |
adUserQualifiedName |
string | Active Directory user qualified name | 2.4p9 2.6p2 2.7 |
adUserResolvedDns |
string | Active Directory user resolved DNS | 2.3 |
adUserResolvedIdentities |
string | Active Directory user resolved identities | 2.3 |
adUserSamAccountName |
string | Active Directory user SAM account name | 2.4p9 2.6p2 2.7 |
airespaceWlanId |
string | Airespace WLAN identifier | 2.3 |
ancPolicy |
string | The Adaptive Network Control policy applied to this endpoint | 2.4 |
auditSessionId |
string | Audit Session ID generated uniquely by switch/router for a given session | 2.3 |
calledStationId |
string | The called station identifier | 2.3 |
callingStationId |
string | The calling station identifier | 2.3 |
ctsSecurityGroup |
string | Trustsec security group name | 2.3 |
endpointCheckResult |
string | Endpoint check result | 2.3 |
endpointCheckTime |
string | Time when endpoint check was performed | 2.3 |
endpointOperatingSystem |
string | Operating system of the endpoint | 2.3 |
endpointProfile |
string | Profile of the endpoint | 2.3 |
identitySourcePortEnd |
string | End of source port range of the virtual desktop environment | 2.3 |
identitySourcePortFirst |
string | First source port of the virtual desktop environment | 2.3 |
identitySourcePortStart |
string | Start of source port range of the virtual desktop environment | 2.3 |
ipAddresses |
array of string | IPv4 or IPv6 addresses | 2.3 |
isMachineAuthentication |
string | Determine if this is a machine authentication (true for a machine, false for ... | 2.3 |
macAddress |
string | MAC address in uppercase colon separated format XX:XX:XX:XX:XX:XX | 2.3 |
mdmCompliant |
boolean | Whether the device is compliant with policies | 2.4 |
mdmDeviceManager |
string | Device management system information | 2.4 |
mdmDiskEncrypted |
boolean | Whether device storage is encrypted | 2.4 |
mdmImei |
string | International Mobile Equipment Identity | 2.4 |
mdmJailBroken |
boolean | Whether device is jailbroken/rooted | 2.4 |
mdmLastSyncTime |
string | Last synchronization time with MDM | 2.4 |
mdmLocation |
string | Device location information | 2.4 |
mdmMacAddress |
string | Mobile Device Management MAC address | 2.4 |
mdmManufacturer |
string | Device manufacturer | 2.4 |
mdmMeid |
string | Mobile Equipment Identifier | 2.4 |
mdmModel |
string | Device model | 2.4 |
mdmOsVersion |
string | Mobile Device Management OS version | 2.4 |
mdmPinLocked |
boolean | Whether device is PIN/password protected | 2.4 |
mdmRegistered |
boolean | Whether the device is registered with MDM | 2.4 |
mdmSerialNumber |
string | Device serial number | 2.4 |
mdmUdid |
string | Unique Device Identifier | 2.4 |
nasIdentifier |
string | Network Access Server identifier | 2.3 |
nasIpAddress |
string | IPv4 or IPv6 address of the network access device | 2.3 |
nasPortId |
string | Network Access Server port identifier | 2.3 |
nasPortType |
string | Network Access Server port type | 2.3 |
networkDeviceProfileName |
string | Network device profile name | 2.3 |
postureStatus |
string | Posture status of the endpoint (Compliant or NonCompliant) | 2.3 |
providers |
array of string | Providers of this session information | 2.3 |
radiusFlowType |
string | RADIUS flow type | 2.3 |
selectedAuthzProfiles |
array of string | Selected authorization profiles for the session | 2.4p12 2.6p5 2.7p1 3.0 |
serviceType |
string | Service type | 2.3 |
ssid |
string | Service Set Identifier for wireless networks | 2.3 |
state |
string | Current state of the session, where DISCONNECTED indicates a terminated session | 2.3 |
terminalServerAgentId |
string | Terminal Server Agent ID | 2.3 |
timestamp |
string | The time that the session record was created or updated in ISE | 2.3 |
tunnelPrivateGroupId |
string | Tunnel private group identifier | 2.3 |
userName |
string | Username of the authenticated user | 2.3 |
virtualNetwork |
string | Virtual network identifier | 3.0 |
User Group Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
groups |
array | List of security groups associated with this user | 2.3 |
userName |
string | Username of the authenticated user | 2.3 |
Group Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
name |
string | The name of the security group | 2.3 |
type |
string | The type of security group (ISE 2.3+) | 2.3 |
System Health
Health Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
timestamp |
string | The time this record was created in ISE | 2.3 |
serverName |
string | ISE server name where data is recorded | 2.3 |
ioWait |
number | Percentage of I/O wait for the last 5 minutes | 2.3 |
cpuUsage |
number | Percentage of CPU usage for the last 5 minutes | 2.3 |
memoryUsage |
number | Percentage of total memory usage | 2.3 |
diskUsageRoot |
number | Percentage of disk space usage of root directory | 2.3 |
diskUsageOpt |
number | Percentage of disk space usage of opt directory | 2.3 |
loadAverage |
number | The average number of jobs in the run queue for the last 5 minutes | 2.3 |
networkSent |
number | Bytes sent for the last 5 minutes | 2.3 |
networkReceived |
number | Bytes received for the last 5 minutes | 2.3 |
Performance Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
timestamp |
string | The time this record was created in ISE | 2.3 |
serverName |
string | ISE server name where data is recorded | 2.3 |
radiusRate |
number | Average transactions per second of Radius requests since startTimestamp | 2.3 |
radiusCount |
number | Total Radius requests count since startTimestamp | 2.3 |
radiusLatency |
number | Average latency for all Radius requests in milliseconds since startTimestamp | 2.3 |
TrustSec Configuration
Security Group Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
description |
string | Human-readable description of the security group | 2.4 |
id |
string | Unique identifier for the security group | 2.4 |
name |
string | Name of the security group | 2.4 |
tag |
integer | Security Group Tag (SGT) value | 2.4 |
timestamp |
string | Time when the security group was created or last modified | 3.2 |
Security Group ACL Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
acl |
string | ACL content defining access control rules | 2.4 |
description |
string | Human-readable description of the security group ACL | 2.4 |
generationId |
string | Generation identifier for tracking changes | 2.4 |
id |
string | Unique identifier for the security group ACL | 2.4 |
ipVersion |
string | IP version (IPv4 or IPv6) that this ACL applies to | 2.4 |
isDeleted |
boolean | Flag indicating whether the security group ACL has been deleted | 2.4p13 2.6p9 2.7 |
modelledContent |
object | Structured representation of the ACL content (ISE 3.1+) | 3.1 |
name |
string | Name of the security group ACL | 2.4 |
timestamp |
string | Time when the security group ACL was created or last modified | 3.2 |
Virtual Network Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
additionalAttributes |
string | Additional attributes in JSON string format | 3.1 |
id |
string | Unique identifier for the virtual network | 3.1 |
name |
string | Name of the virtual network | 3.1 |
timestamp |
string | Time when the virtual network was created or last modified | 3.1 3.2 |
Egress Policy Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
id |
string | Unique identifier for the egress policy | 2.3 |
name |
string | Name of the egress policy | 2.3 |
matrixId |
string | Matrix this policy belongs to | 2.3 |
status |
string | Status of the egress policy (ENABLE, MONITOR) | 2.3 |
description |
string | Human-readable description of the egress policy | 2.3 |
sourceSecurityGroupId |
string | Source security group ID | 2.3 |
destinationSecurityGroupId |
string | Destination security group ID | 2.3 |
sgaclIds |
array of string | IDs of the SGACLs being used | 2.3 |
timestamp |
string | Time when the egress policy was created or last modified | 3.2 |
Egress Matrix Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
id |
string | Unique identifier for the egress matrix | 2.3 |
name |
string | Name of the egress matrix | 2.3 |
description |
string | Human-readable description of the egress matrix | 2.3 |
monitorAll |
boolean | Whether to monitor all traffic in this matrix | 2.3 |
timestamp |
string | Time when the egress matrix was created or last modified | 3.2 |
Endpoint
ISE Endpoint Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
aaaServer |
string | PSN's hostname | 3.3 |
allowedProtocolMatchedRule |
string | Matched protocol rule | 3.3 |
authenticationIdentityStore |
string | Identity store used for authentication | 3.3 |
authenticationMethod |
string | Protocol used to authenticate | 3.3 |
authorizationPolicyMatchedRule |
string | Authorization policy matched rule | 3.3 |
byodRegistration |
string | BYOD registration status | 3.3 |
cacheUpdateTime |
string | Time in EPOCH | 3.3 |
callingStationId |
string | Calling station identifier | 3.3 |
createTime |
string | Time in EPOCH | 3.3 |
customAttributes |
object | JSON string containing key-value pairs of custom attributes of endpoint | 3.3 |
destinationIpAddress |
string | Destination IP address | 3.3 |
destinationPort |
string | Destination port | 3.3 |
deviceIdentifier |
string | Device identifier | 3.3 |
deviceIpAddress |
string | NAD's IP Address | 3.3 |
devicePort |
string | Device port of the endpoint | 3.3 |
deviceRegistrationStatus |
string | Registration status (Registered or NotRegistered) | 3.3 |
dhcpHostName |
string | DHCP hostname | 3.3 |
edfCreateTime |
string | Creation time of the endpoint | 3.3 |
edfUpdateTime |
string | Update time of the endpoint | 3.3 |
endPointMACAddress |
string | Endpoint MAC address | 3.3 |
endPointPolicy |
string | Endpoint policy | 3.3 |
endPointPolicyID |
string | Endpoint policy identifier | 3.3 |
endPointProfilerServer |
string | Endpoint profiler server | 3.3 |
endpointSource |
string | Source of the endpoint information | 3.3 |
failureReason |
string | Reason for authentication failure | 3.3 |
firstCollection |
string | First collection timestamp | 3.3 |
framedIpAddress |
string | IP address of the endpoint | 3.3 |
framedIpNetmask |
string | IP netmask of the endpoint | 3.3 |
identityGroup |
string | Identity group name | 3.3 |
identityGroupID |
string | Identity group identifier | 3.3 |
identityPolicyMatchedRule |
string | Rule name of policy which matched | 3.3 |
ip |
string | IP address of the endpoint | 3.3 |
lastActivity |
string | Time of last activity | 3.3 |
lastNmapScanTime |
string | Last Nmap scan time | 3.3 |
location |
string | Location information | 3.3 |
logicalProfile |
string | Logical profile | 3.3 |
macAddress |
string | MAC address of the endpoint | 3.3 |
matchedPolicy |
string | Matched policy name | 3.3 |
matchedPolicyID |
string | Identifier for matched policy | 3.3 |
mdmServerId |
string | MDM server identifier | 3.3 |
messageCode |
string | Message code which is responsible for creation of the endpoint | 3.3 |
mfcInfoDeviceType |
string | Provides information about the device type | 3.3 |
mfcInfoEndpointType |
string | Provides information about the endpoint type | 3.3 |
mfcInfoHardwareManufacturer |
string | Provides information about the Hardware Manufacturer | 3.3 |
mfcInfoHardwareModel |
string | Provides information about the hardware model | 3.3 |
nadDeviceType |
string | NAD device type | 3.3 |
nasIdentifier |
string | Network Access Server identifier | 3.3 |
nasIpAddress |
string | Network Access Server's IP address | 3.3 |
nasPort |
string | Network Access Server port | 3.3 |
nasPortId |
string | Network Access Server port ID | 3.3 |
nasPortType |
string | Network Access Server port type (Ethernet, Wireless, VPN) | 3.3 |
networkDeviceGroups |
string | Comma separated network device groups | 3.3 |
networkDeviceName |
string | Network device name | 3.3 |
nmapScanCount |
string | Nmap scan count | 3.3 |
nmapSubnetScanID |
string | Nmap subnet scan identifier | 3.3 |
oui |
string | Vendor's ID of the network adapter | 3.3 |
phoneId |
string | Phone identifier | 3.3 |
policyVersion |
string | Version of the policies used to profile the endpoint | 3.3 |
portalUser |
string | Portal username | 3.3 |
postureApplicable |
string | Posture applicability | 3.3 |
postureAssessmentStatus |
string | Posture assessment status | 3.3 |
registrationTimeStamp |
string | Registration timestamp | 3.3 |
selectedAccessService |
string | Policy engine team to contact | 3.3 |
selectedAuthenticationIdentityStores |
string | Comma separated Identity stores | 3.3 |
selectedAuthorizationProfiles |
string | Selected authorization profiles | 3.3 |
sequence |
integer | Sequence number for loss detection (From ISE 3.5 onwards) | 3.5 |
staticAssignment |
string | Static assignment status (True or False) | 3.3 |
staticGroupAssignment |
string | Static group assignment status (True or False) | 3.3 |
timeToProfile |
string | Time taken to profile the endpoint | 3.3 |
totalCertaintyFactor |
string | Certainty factor value assigned to the endpoint during profiling | 3.3 |
uniqueSubjectId |
string | Unique subject identifier | 3.3 |
updateTime |
string | Update time | 3.3 |
userFetchEmail |
string | Email address of the user | 3.3 |
userFetchFirstName |
string | First name of the user | 3.3 |
userFetchLastName |
string | Last name of the user | 3.3 |
userFetchUserName |
string | Username of the user | 3.3 |
userName |
string | Username | 3.3 |
userType |
string | Type of user | 3.3 |
TrustSec SXP
SXP Binding Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
tag |
string | SXP security group tag | 2.3 |
ipPrefix |
string | IP address prefix with subnet mask | 2.3 |
source |
string | Source IP address | 2.3 |
peerSequence |
string | Peer sequence identifier | 2.3 |
vpn |
string | VPN instance identifier | 2.3 |
RADIUS Failures
RadiusFailure Object Fields
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
id |
string | Unique identifier for the failure record | 2.3 |
timestamp |
string | The time this record was created in ISE | 2.3 |
failureReason |
string | The reason for the authentication failure | 2.3 |
userName |
string | Username that failed authentication | 2.3 |
serverName |
string | ISE server name where failure occurred | 2.3 |
callingStationId |
string | RADIUS Calling-Station-ID | 2.3 |
auditSessionId |
string | Audit session identifier | 2.3 |
nasIpAddress |
string | Network Access Server IP address | 2.3 |
nasPortId |
string | Network Access Server port identifier | 2.3 |
nasPortType |
string | Network Access Server port type | 2.3 |
ipAddresses |
array of string | IP addresses associated with the failure | 2.3 |
macAddress |
string | MAC address of the device | 2.3 |
messageCode |
integer | ISE syslog message code (5400-5499) | 2.3 |
destinationIpAddress |
string | Destination IP address | 2.3 |
userType |
string | Type of user | 2.3 |
accessService |
string | Access service used | 2.3 |
identityStore |
string | Identity store used for authentication | 2.3 |
identityGroup |
string | Identity group of the user | 2.3 |
authenticationMethod |
string | Authentication method used | 2.3 |
authenticationProtocol |
string | Authentication protocol used | 2.3 |
serviceType |
string | Service type | 2.3 |
networkDeviceName |
string | Name of the network device | 2.3 |
deviceType |
string | Type of device | 2.3 |
location |
string | Location of the device | 2.3 |
selectedAznProfiles |
string | Selected authorization profiles | 2.3 |
postureStatus |
string | Posture assessment status | 2.3 |
ctsSecurityGroup |
string | Cisco TrustSec security group | 2.3 |
response |
string | RADIUS response details | 2.3 |
responseTime |
integer | Time taken to respond in milliseconds | 2.3 |
executionSteps |
string | Execution steps during authentication | 2.3 |
credentialCheck |
string | Credential check method | 2.3 |
endpointProfile |
string | Endpoint profile | 2.3 |
mdmServerName |
string | MDM server name | 2.3 |
policySetName |
string | Policy set name | 2.3 |
authorizationRule |
string | Authorization rule | 2.3 |
mseResponseTime |
integer | MSE response time | 2.3 |
mseServerName |
string | MSE server name | 2.3 |
originalCallingStationId |
string | Original calling station identifier | 2.3 |
MDM Endpoints
MDM Endpoints Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
compliant |
boolean | Whether the device is compliant with policies | 2.4 |
deviceManager |
string | MDM system managing the device | 2.4 |
diskEncrypted |
boolean | Whether device storage is encrypted | 2.4 |
imei |
string | International Mobile Equipment Identity | 2.4 |
jailBroken |
boolean | Whether device is jailbroken/rooted | 2.4 |
lastSyncTime |
string | Time of last synchronization with MDM | 2.4 |
location |
string | Device location | 2.4 |
macAddress |
string | MAC address of the mobile device | 2.4 |
manufacturer |
string | Device manufacturer | 2.4 |
meid |
string | Mobile Equipment Identifier | 2.4 |
model |
string | Device model | 2.4 |
osVersion |
string | Operating system version | 2.4 |
pinLocked |
boolean | Whether device is PIN/password protected | 2.4 |
registered |
boolean | Whether the device is registered | 2.4 |
serialNumber |
string | Device serial number | 2.4 |
udid |
string | Unique Device Identifier | 2.4 |
Profiler Configuration
Profile Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
id |
string | Unique identifier for the profile | 2.3 |
name |
string | Short name of the profile | 2.3 |
fullName |
string | Full name of the profile | 2.3 |
ANC Configuration
AncPolicy Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
actions |
array of AncAction | List of actions defined for this policy | 2.4 |
name |
string | Name of the policy | 2.4 |
ANC Endpoint Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
macAddress |
string | MAC address of the endpoint | 2.4 |
policyName |
string | Name of the policy applied to this endpoint | 2.4 |
ANC Status Object
| Attribute Name | Type | Description | ISE Version |
|---|---|---|---|
failureReason |
string | The reason if operation fails | 2.4 |
macAddress |
string | MAC address where operation is performed | 2.4 |
nasIpAddress |
string | NAS IP address where operation is performed | 2.6p7 2.7p2 3.0 |
operationId |
string | Unique identifier for the operation | 2.4 |
status |
string | Current status of the operation | 2.4 |