Ivanti Policy Secure-Specific Configurations Using REST APIs

Creating the HC Policy

Request

POST /api/v1/configuration/authentication/endpoint/host-checker/policies/policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "policy-name": "HC",

    "regular": {

        "platforms": {

            "chromeos": {

                "dashboard": {

                    "consider-for-reporting": "true"

                },

                "remediation": {

                    "custom-instructions": "",

                    "enable-custom-instructions": "false",

                    "send-reason-strings": "true"

                }

            },

            "windows": {

                "dashboard": {

                    "consider-for-reporting": "true"

                },

                "remediation": {

                    "custom-instructions": "",

                    "delete-files": "false",

                    "enable-custom-instructions": "false",

                    "files": null,

                    "kill-processes": "false",

                    "processes": null,

                    "send-reason-strings": "true"

                },

                "rule-expression": {

                    "custom-expression": "",

                    "requirement": "all"

                },

                "rules": {

                    "advancedRule": [],

                    "firewall-rules": {

                        "firewall-rule": [

                            {

                                "needs-monitoring": "false",

                                "product-list": null,

                                "product-selection-option": "specific",

                                "rule-name": "rule1",

                                "select-specific-product": "false",

                                "select-specific-vendor": "true",

                                "selected-product-list": {

                                    "product-info": [

                                        {

                                            "product-name": "Windows Firewall (10.x)",

                                            "turn-on-firewall": "true"

                                        },

                                        {

                                            "product-name": "Windows Firewall (6.x)",

                                            "turn-on-firewall": "false"

                                        }

                                    ]

                                },

                                "turn-on-firewall-all": "false",

                                "vendor-list": [

                                    "Microsoft Corporation"

                                ]

                            }

                        ]

                    }

                }

            }

        }

    }

}

Response

{

    "result": {

        "warnings": [

            {

                "message": "The configuration has been implicitly changed"

            }

        ]

    }

}

Deleting the HC Policy

Request

DELETE /api/v1/configuration/authentication/endpoint/host-checker/policies/policy/HC HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating the Infranet Enforcer

Request

POST /api/v1/configuration/uac/infranet-enforcer/connections/infranet-enforcer HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "idp-for-local-sessions-only": "true",

    "junos": {

        "location-group": "- No 802.1X -",

        "password-cleartext": "'Ivanti1234$"

    },

    "name": "SRX",

    "serial-number": [

        "ABCNWPWFS"

    ],

    "severity-filter": "medium",

    "use-idp": "false"

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting the Infranet Enforcer

Request

DELETE /api/v1/configuration/uac/infranet-enforcer/connections/infranet-enforcer/SRX HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating a Resource Policy

Request

POST /api/v1/configuration/uac/infranet-enforcer/resource-access-policies/resource-access-policy/ HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "action": "allow-access",

    "apply": "all-roles",

    "apply-ie-options": "all-options",

    "deny-message": "",

    "description": "",

    "ie-options": [],

    "infranet-enforcer": [

        "(all)"

    ],

    "name": "Resource Policy",

    "resources": [

        "10.25.15.0/24:*"

    ],

    "roles": null,

    "vsys": ""

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting a Resource Policy

Request

DELETE /api/v1/configuration/uac/infranet-enforcer/resource-access-policies/resource-access-policy/Resource%20Policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating a RADIUS Client

Request

POST /api/v1/configuration/uac/network-access/radius-clients/radius-client HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "coa-support": "false",

    "description": "",

    "disconnect-support": "true",

    "dynamic-auth-port": "3799",

    "enable": "true",

    "gatewayid": "",

    "ip-address": "10.204.88.12",

    "ip-address-range": "1",

    "kek-encrypted": "",

    "key-wrap-format": "HEX",

    "key-wrap-support": "false",

    "location-group": "Default",

    "mack-encrypted": "",

    "make-model": "Ruckus Wireless",

    "name": "Ruckus",

    "ruckus-certificate-verification": "false",

    "ruckus-password-encrypted": "",

    "shared-secret-encrypted": "3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting a RADIUS Client

Request

DELETE /api/v1/configuration/uac/network-access/radius-clients/radius-client/Ruckus HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating a RADIUS Attribute Policy

Request

POST /api/v1/configuration/uac/network-access/radius-attribute/radius-attributes-policies/radius-attribute-policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "apply": "all",

    "description": "",

    "location-group": [

        "Guest"

    ],

    "name": "Return Attribute policy",

    "network-interface": "automatic",

    "open-port": "false",

    "return-attribute-flag": "false",

    "return-attributes": {

        "return-attribute": []

    },

    "roles": null,

    "send-session-timeout-by-default": "false",

    "send-termination-action-by-default": "false",

    "vlan": "65",

    "vlan-check": "true"

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting a RADIUS Attribute Policy

Request

DELETE /api/v1/configuration/uac/network-access/radius-attribute/radius-attributes-policies/radius-attribute-policy/Return%20Attribute%20policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating SNMP Device

Request

POST /api/v1/configuration/uac/snmpEnforcement/clients/client HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "default-vlan": "0",

    "description": "",

    "enable": "true",

    "ip-address": "10.204.88.12",

    "location-group": "none",

    "model": "Ruckus Wireless",

    "name": "ruckus",

    "read-auth-password-encrypted": "",

    "read-auth-protocol": "md5",

    "read-priv-password-encrypted": "",

    "read-priv-protocol": "",

    "read-security-level": "auth",

    "read-username": "public",

    "snmp-enforcement": "false",

    "snmp-version": "V2",

    "ssh-passphrase-encrypted": "",

    "ssh-port-number": "22",

    "ssh-private-key-encrypted": "",

    "ssh-user-name": "",

    "ssh-user-password-encrypted": "",

    "sys-contact": "https://support.ruckuswireless.com/contact_us",

    "sys-description": "Ruckus Wireless ZD1200",

    "sys-location": "350 West Java Dr. Sunnyvale, CA 94089 US",

    "sys-name": "ruckus",

    "trap-auth-password-encrypted": "",

    "trap-auth-protocol": "md5",

    "trap-priv-password-encrypted": "",

    "trap-priv-protocol": "",

    "trap-security-level": "auth",

    "trap-username": "public",

    "use-samecredential": "true",

    "write-auth-password-encrypted": "",

    "write-auth-protocol": "md5",

    "write-priv-password-encrypted": "",

    "write-priv-protocol": "",

    "write-security-level": "auth",

    "write-username": "public"

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting SNMP Device

Request

DELETE /api/v1/configuration/uac/snmpEnforcement/clients/client/ruckus HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating SNMP Policy

Request

POST /api/v1/configuration/uac/snmpEnforcement/snmpPolicies/policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "apply-to-roles": "selected",

    "description": "",

    "location-group": "Guest Wired",

    "name": "SNMP policy",

    "roles": [

        "Guest Wired Restricted"

    ],

    "vlan": "65"

}

Response

Content-Type: application/json

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting SNMP Policy

Request

DELETE /api/v1/configuration/uac/snmpEnforcement/snmpPolicies/policy/SNMP%20policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating Device Group - TACACS+

Request

POST /api/v1/configuration/uac/networkDeviceAdministration/groups/group/ HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "admin-realm": "Admin Users",

    "description": "",

    "name": "Device Group"

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting Device Group - TACACS+

Request

DELETE /api/v1/configuration/uac/networkDeviceAdministration/groups/group/Device%20Group HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating TACACS+ Client

Request

POST /api/v1/configuration/uac/networkDeviceAdministration/clients/client HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "description": "",

    "deviceGroup": "Device Group",

    "enable": "true",

    "ipAddress": "10.204.88.244",

    "ipAddressRange": "1",

    "name": "TACACS client",

    "shared-secret-encrypted": "3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="

}

Response

{

    "result": {

        "warnings": [

            {

                "message": "The configuration has been implicitly changed"

            }

        ]

    }

}

Deleting TACACS+ Client

Request

DELETE /api/v1/configuration/uac/networkDeviceAdministration/clients/client/TACACS%20client HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating Shell Policies

Request

POST /api/v1/configuration/uac/networkDeviceAdministration/policies/policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "apply-action": "deny",

    "apply-groups": "all",

    "apply-roles": "all",

    "commandSets": {

        "command-set": []

    },

    "defaultPrivilege": "1",

    "description": "",

    "groups": null,

    "maxPrivilege": "1",

    "name": "TACACS policy",

    "roles": null

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting Shell Policies

Request

DELETE /api/v1/configuration/uac/networkDeviceAdministration/policies/policy/TACACS%20policy HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Response

{

    "result": {

        "warnings": [

            {

                "message": "The configuration has been implicitly changed"

            }

        ]

    }

}

Creating Admission Control Client

Request

POST /api/v1/configuration/uac/admissionControl/clients/client HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "description": "",

    "enable": "true",

    "ipAddress": "10.204.88.12",

    "name": "FORTINET",

    "templateID": "fortigate-text.itmpl"

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting Admission Control Client

Request

DELETE /api/v1/configuration/uac/admissionControl/clients/client/FORTINET HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Creating Admission Control Policy

Request

POST /api/v1/configuration/uac/admissionControl/policies/policy/ HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

    "action": "ignore",

    "apply": "selected",

    "count": "1",

    "event": "utm:ips",

    "name": "policy1",

    "replacementRole": null,

    "replacementType": "Permanent",

    "roles": null,

    "severity": "critical",

    "templateID": "fortigate-text.itmpl"

}

Response

{

    "result": {

        "info": [

            {

                "message": "Operation succeeded without warning or error!"

            }

        ]

    }

}

Deleting Admission Control Policy

Request

DELETE /api/v1/configuration/uac/admissionControl/policies/policy/policy1 HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

Response

HTTP/1.1 204 NO CONTENT

Content-Length: 0

Content-Type: application/json

Getting Authentication API Key

Request

GET <PPS-IP Address>/api/v1/auth

Response

"api_key": "NAIq3DNqOh7aDTsXJbZRUo4b+tILb1vpf5sasdasdfao="

Request

GET <PPS-IP Address>/api/v1/auth/profiler/auth

Response

"api_key": "NAIq3DNqOh7aDTsXJbZRUo4b+tILb1vpf5sasdasdfao="
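The request pattern used by the configuration calls above, as an added Python example (not Ivanti's code): it builds the Basic credential from an API key, percent-encodes object names for DELETE paths, and separates the "info", "warnings" and 204 responses. It assumes the API key is sent as the Basic user name with an empty password, which is what the sample Authorization value on this page decodes to; `pps.example.test`, `build_request`, `classify_response` and `send` are names made up for the example.

```python
import base64
import json
import urllib.request
from urllib.parse import quote

# Authorization value copied from the sample requests on this page.
PAGE_BASIC_TOKEN = "VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06"
API_ROOT = "/api/v1/configuration"


def basic_header(api_key, password=""):
    """Basic credential: API key as user name, empty password (assumption)."""
    raw = f"{api_key}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def build_request(host, method, collection, name=None, body=None, api_key=""):
    """Build (not send) a configuration request for https://<host>.

    collection: path under /api/v1/configuration, e.g.
                'uac/snmpEnforcement/snmpPolicies/policy'
    name:       object name for DELETE, encoded as a single path segment
    """
    path = f"{API_ROOT}/{collection.strip('/')}"
    if name is not None:
        # 'SNMP policy' -> 'SNMP%20policy'; '/' in a name cannot add segments
        path += "/" + quote(name, safe="")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"https://{host}{path}", data=data, method=method)
    req.add_header("Authorization", basic_header(api_key))
    req.add_header("Content-Type", "application/json")
    return req


def classify_response(status, text):
    """Return (outcome, messages) for the configuration responses shown above."""
    if status == 204:
        return "deleted", []
    result = json.loads(text).get("result", {}) if text else {}
    if result.get("warnings"):
        # e.g. "The configuration has been implicitly changed": review, not ignore
        return "warning", [w["message"] for w in result["warnings"]]
    if result.get("info"):
        return "ok", [i["message"] for i in result["info"]]
    return "unknown", []


def send(req, timeout=10):
    # urlopen verifies the server certificate by default; leave that enabled,
    # since the Authorization header carries the API key on every call.
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return classify_response(resp.status, resp.read().decode())
```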

Ivanti Policy Secure Alert Based Admission Control APIs

Checking Status of Ivanti Policy Secure Server

Request

GET <PPS-IP Address>/api/v1/integration/status

Response

"{\"message\": \"API server is up\"}"

Getting Session Details for Endpoint Based on IP Address

Request

GET <PPS-IP Address>/api/v1/integration/sessions/<endpoint-IP Address>

Response

{

  "data": [

    {

      "ip": "10.xxx.xx.xx",

      "macaddr": "00-56-65-bf-0b-cx",

      "switch_ip": "",

      "switch_port": "",

      "username": "user1"

    }

  ]

}

Note: This sample response is for Juniper SDSN.

Getting Session Details for Endpoint Based on MAC Address

Request

GET <PPS-IP Address>/api/v1/integration/sessions/<endpoint-MAC Address>

Response

{

  "data": [

    {

      "macaddr": "00-56-65-bf-0b-cx",

      "switch_ip": "",

      "switch_port": ""

    }

  ]

}

Sending Alert Event to Ivanti Policy Secure

Request

PUT /api/v1/integration/sessions

For example, a sample PUT request payload for Juniper SDSN is:

{"event-name":"block-endpoint", "srcip":"10.xxx.xx.xxx"}

Note: The event names, and the field from which the source IP is parsed, should be defined in the admission control template.

Response

HTTP/1.1 204 NO CONTENT

Profiler REST APIs

Approving Devices

Request

PUT /api/v1/profiler/endpoints/simplified/xx:xx:xx:xx:xx:xx HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

   "status": "approved"

}

Response

HTTP/1.1 200 OK

Content-Type: application/json

{

  "Successfully updated."

}

Updating Device Attributes

Request

PUT /api/v1/profiler/endpoints/simplified/xx:xx:xx:xx:xx:xx HTTP/1.1

Host: xx.xx.xx.xx

Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06

Content-Type: application/json

{

   "manufacturer": "Windows",

   "os": "Windows"

}

Response

HTTP/1.1 200 OK

Content-Type: application/json

{

"Successfully updated."

}


Adding details in Profiler Database

API to add endpoint details in Profiler DB

Request

POST /api/v1/profiler/endpoints

Content-Type: application/json

{

"manufacturer": "Windows",

"os": "Windows"

}

Response

HTTP/1.1 201 CREATED

Content-Type: application/json

{

"Successfully created."

}


 

Removing details in Profiler Database

API to delete endpoint details in Profiler DB

Request:
API Path: api/v1/profiler/endpoints/xx.xx.xx.xx

Method: DELETE

 

Response:

HTTP/1.1 200 OK
{

"success": "1",

"error": []

}

API to delete multiple endpoints in Profiler DB

Request:
API Path: api/v1/profiler/endpoints/xx.xx.xx.xx,xx.xx.xx.xx

Method: DELETE

Response:

HTTP/1.1 200 OK
{

"success": "2",

"error": []

}