Security Group Query

Verification

This test verifies that the third-party system can retrieve all Security Group Tags (SGTs) in ISE.

Definition

The security group query script exposes the Security Group Tags (SGTs) configured in ISE through the TrustSecMetadata capability topic. It provides a query method that retrieves all the SGTs configured in ISE, returning each one's unique id, security group tag value and description.

Example

In this example, the security group query script downloads all the Security Group Tag contextual information. The script retrieves all TrustSec Security Group session information from ISE, which includes the TrustSec tag name, unique identifier, description, and value.

Run the securitygroup_query script for a direct query on the security group tags.

./securitygroup_query.sh -a 192.168.1.23 -u SIM01 -k alpha.jks -p cisco123 -t alpha_root.jks -q cisco123 

Results

------- properties -------

version=1.0.2-30-SNAPSHOT

hostnames=192.168.1.23

username=SIM01

group=Session

description=null

keystoreFilename=alpha.jks

keystorePassword=cisco123

truststoreFilename=alpha_root.jks

truststorePassword=cisco123

--------------------------

13:04:24.807 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Started

Connecting...

Connected

13:04:26.071 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Connected

SecurityGroup : id=65fddc70-2a34-11e5-82cb-005056bf2f0a, name=Unknown, desc=Unknown Security Group, tag=0

SecurityGroup : id=660aadb0-2a34-11e5-82cb-005056bf2f0a, name=ANY, desc=Any Security Group, tag=65535

SecurityGroup : id=669e6230-2a34-11e5-82cb-005056bf2f0a, name=SGT_Auditor, desc=Auditor Security Group, tag=9

SecurityGroup : id=66bdd110-2a34-11e5-82cb-005056bf2f0a, name=SGT_BYOD, desc=BYOD Security Group, tag=15

SecurityGroup : id=66dd3ff0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Contractor, desc=Contractor Security Group, tag=5

SecurityGroup : id=66fcd5e0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Developer, desc=Developer Security Group, tag=8

SecurityGroup : id=671a21e0-2a34-11e5-82cb-005056bf2f0a, name=SGT_DevelopmentServers, desc=Development Servers Security Group, tag=12

SecurityGroup : id=673c9e00-2a34-11e5-82cb-005056bf2f0a, name=SGT_Employee, desc=Employee Security Group, tag=4

SecurityGroup : id=6759ea00-2a34-11e5-82cb-005056bf2f0a, name=SGT_Guest, desc=Guest Security Group, tag=6

SecurityGroup : id=6775d670-2a34-11e5-82cb-005056bf2f0a, name=SGT_NetworkServices, desc=Network Services Security Group, tag=3

SecurityGroup : id=67959370-2a34-11e5-82cb-005056bf2f0a, name=SGT_PCIServers, desc=PCI Servers Security Group, tag=14

SecurityGroup : id=67b3a2c0-2a34-11e5-82cb-005056bf2f0a, name=SGT_PointOfSale, desc=PointOfSale Security Group, tag=10

SecurityGroup : id=67d50d70-2a34-11e5-82cb-005056bf2f0a, name=SGT_ProductionServers, desc=Production Servers Security Group, tag=11

SecurityGroup : id=67f16f10-2a34-11e5-82cb-005056bf2f0a, name=SGT_ProductionUser, desc=Production User Security Group, tag=7

SecurityGroup : id=680df7c0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Quarantine, desc=Quarantine Security Group, tag=255

SecurityGroup : id=682a5960-2a34-11e5-82cb-005056bf2f0a, name=SGT_TestServers, desc=Test Servers Security Group, tag=13

SecurityGroup : id=68461ec0-2a34-11e5-82cb-005056bf2f0a, name=SGT_TrustSecDevices, desc=TrustSec Devices Security Group, tag=2

SecurityGroup : id=1bea1190-37f8-11e5-aeb1-000c297fb12a, name=3750x, desc=, tag=16

SecurityGroup : id=e855d7c0-3805-11e5-aeb1-000c297fb12a, name=ASA5505, desc=, tag=17

SecurityGroup : id=c0e5a9d0-381a-11e5-aeb1-000c297fb12a, name=Mobile_Users, desc=, tag=18

Connection closed

13:04:26.450 [Thread-1] INFO com.cisco.pxgrid.ReconnectionManager - Stopped
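
The Results output above has a fixed line format (SecurityGroup : id=..., name=..., desc=..., tag=...) and its properties banner echoes the keystore and truststore passwords. The following is an added example, not part of the pxGrid SDK or the original guide, that parses captured output into records, flags entries worth reviewing, and masks the password lines before the capture is stored. The function names and the checks chosen are assumptions; the sample is built from lines shown in the Results.

```python
import re

# Constructed sample: a subset of the lines shown in the Results above.
SAMPLE_OUTPUT = """\
keystorePassword=cisco123
truststorePassword=cisco123
SecurityGroup : id=65fddc70-2a34-11e5-82cb-005056bf2f0a, name=Unknown, desc=Unknown Security Group, tag=0
SecurityGroup : id=660aadb0-2a34-11e5-82cb-005056bf2f0a, name=ANY, desc=Any Security Group, tag=65535
SecurityGroup : id=680df7c0-2a34-11e5-82cb-005056bf2f0a, name=SGT_Quarantine, desc=Quarantine Security Group, tag=255
SecurityGroup : id=1bea1190-37f8-11e5-aeb1-000c297fb12a, name=3750x, desc=, tag=16
Connection closed
"""

# desc is matched greedily so a description containing ", " still parses.
SGT_LINE = re.compile(
    r"^SecurityGroup : id=(?P<id>[0-9a-fA-F-]{36}), name=(?P<name>.+?), "
    r"desc=(?P<desc>.*), tag=(?P<tag>\d+)$"
)
SECRET_PROP = re.compile(r"^(?P<key>\w*Password)=.*$")

def parse_security_groups(text):
    """Return one dict per 'SecurityGroup :' line; other lines are ignored."""
    groups = []
    for line in text.splitlines():
        m = SGT_LINE.match(line.strip())
        if m:
            groups.append({**m.groupdict(), "tag": int(m.group("tag"))})
    return groups

def check_security_groups(groups):
    """Flag entries a reviewer should look at before relying on the SGT table."""
    findings, seen_tags = [], {}
    for g in groups:
        if not 0 <= g["tag"] <= 0xFFFF:  # an SGT is a 16-bit value
            findings.append(f"{g['name']}: tag {g['tag']} outside 0-65535")
        if g["tag"] in seen_tags:
            findings.append(f"{g['name']}: tag {g['tag']} also used by {seen_tags[g['tag']]}")
        if not g["desc"]:
            findings.append(f"{g['name']}: empty description")
        seen_tags.setdefault(g["tag"], g["name"])
    return findings

def redact_secrets(text):
    """Mask keystore/truststore passwords echoed in the properties banner."""
    return "\n".join(SECRET_PROP.sub(r"\g<key>=<redacted>", l) for l in text.splitlines())

if __name__ == "__main__":
    print("\n".join(check_security_groups(parse_security_groups(SAMPLE_OUTPUT))))
    print(redact_secrets(SAMPLE_OUTPUT))
```
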