Ivanti Policy Secure-Specific Configurations Using REST APIs
Creating the HC Policy
Request

    POST /api/v1/configuration/authentication/endpoint/host-checker/policies/policy HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "policy-name": "HC",
      "regular": {
        "platforms": {
          "chromeos": {
            "dashboard": { "consider-for-reporting": "true" },
            "remediation": {
              "custom-instructions": "",
              "enable-custom-instructions": "false",
              "send-reason-strings": "true"
            }
          },
          "windows": {
            "dashboard": { "consider-for-reporting": "true" },
            "remediation": {
              "custom-instructions": "",
              "delete-files": "false",
              "enable-custom-instructions": "false",
              "files": null,
              "kill-processes": "false",
              "processes": null,
              "send-reason-strings": "true"
            },
            "rule-expression": {
              "custom-expression": "",
              "requirement": "all"
            },
            "rules": {
              "advancedRule": [],
              "firewall-rules": {
                "firewall-rule": [
                  {
                    "needs-monitoring": "false",
                    "product-list": null,
                    "product-selection-option": "specific",
                    "rule-name": "rule1",
                    "select-specific-product": "false",
                    "select-specific-vendor": "true",
                    "selected-product-list": {
                      "product-info": [
                        { "product-name": "Windows Firewall (10.x)", "turn-on-firewall": "true" },
                        { "product-name": "Windows Firewall (6.x)", "turn-on-firewall": "false" }
                      ]
                    },
                    "turn-on-firewall-all": "false",
                    "vendor-list": [ "Microsoft Corporation" ]
                  }
                ]
              }
            }
          }
        }
      }
    }

Response

    {
      "result": {
        "warnings": [
          { "message": "The configuration has been implicitly changed" }
        ]
      }
    }
Deleting the HC Policy
Request

    DELETE /api/v1/configuration/authentication/endpoint/host-checker/policies/policy/HC HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating the Infranet Enforcer
Request

    POST /api/v1/configuration/uac/infranet-enforcer/connections/infranet-enforcer HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "idp-for-local-sessions-only": "true",
      "junos": {
        "location-group": "- No 802.1X -",
        "password-cleartext": "'Ivanti1234$"
      },
      "name": "SRX",
      "serial-number": [ "ABCNWPWFS" ],
      "severity-filter": "medium",
      "use-idp": "false"
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting the Infranet Enforcer
Request

    DELETE /api/v1/configuration/uac/infranet-enforcer/connections/infranet-enforcer/SRX HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating a Resource Policy
Request

    POST /api/v1/configuration/uac/infranet-enforcer/resource-access-policies/resource-access-policy/ HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "action": "allow-access",
      "apply": "all-roles",
      "apply-ie-options": "all-options",
      "deny-message": "",
      "description": "",
      "ie-options": [],
      "infranet-enforcer": [ "(all)" ],
      "name": "Resource Policy",
      "resources": [ "10.25.15.0/24:*" ],
      "roles": null,
      "vsys": ""
    }
Deleting a Resource Policy
Request

    DELETE /api/v1/configuration/uac/infranet-enforcer/resource-access-policies/resource-access-policy/Resource%20Policy HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Creating a RADIUS Client
Request

    POST /api/v1/configuration/uac/network-access/radius-clients/radius-client HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "coa-support": "false",
      "description": "",
      "disconnect-support": "true",
      "dynamic-auth-port": "3799",
      "enable": "true",
      "gatewayid": "",
      "ip-address": "10.204.88.12",
      "ip-address-range": "1",
      "kek-encrypted": "",
      "key-wrap-format": "HEX",
      "key-wrap-support": "false",
      "location-group": "Default",
      "mack-encrypted": "",
      "make-model": "Ruckus Wireless",
      "name": "Ruckus",
      "ruckus-certificate-verification": "false",
      "ruckus-password-encrypted": "",
      "shared-secret-encrypted": "3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting a RADIUS Client
Request

    DELETE /api/v1/configuration/uac/network-access/radius-clients/radius-client/Ruckus HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating a RADIUS Attribute Policy
Request

    POST /api/v1/configuration/uac/network-access/radius-attribute/radius-attributes-policies/radius-attribute-policy HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "apply": "all",
      "description": "",
      "location-group": [ "Guest" ],
      "name": "Return Attribute policy",
      "network-interface": "automatic",
      "open-port": "false",
      "return-attribute-flag": "false",
      "return-attributes": {
        "return-attribute": []
      },
      "roles": null,
      "send-session-timeout-by-default": "false",
      "send-termination-action-by-default": "false",
      "vlan": "65",
      "vlan-check": "true"
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting a RADIUS Attribute Policy
Request

    DELETE /api/v1/configuration/uac/network-access/radius-attribute/radius-attributes-policies/radius-attribute-policy/Return%20Attribute%20policy/ HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating SNMP Device
Request

    POST /api/v1/configuration/uac/snmpEnforcement/clients/client HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "default-vlan": "0",
      "description": "",
      "enable": "true",
      "ip-address": "10.204.88.12",
      "location-group": "none",
      "model": "Ruckus Wireless",
      "name": "ruckus",
      "read-auth-password-encrypted": "",
      "read-auth-protocol": "md5",
      "read-priv-password-encrypted": "",
      "read-priv-protocol": "",
      "read-security-level": "auth",
      "read-username": "public",
      "snmp-enforcement": "false",
      "snmp-version": "V2",
      "ssh-passphrase-encrypted": "",
      "ssh-port-number": "22",
      "ssh-private-key-encrypted": "",
      "ssh-user-name": "",
      "ssh-user-password-encrypted": "",
      "sys-contact": "https://support.ruckuswireless.com/contact_us",
      "sys-description": "Ruckus Wireless ZD1200",
      "sys-location": "350 West Java Dr. Sunnyvale, CA 94089 US",
      "sys-name": "ruckus",
      "trap-auth-password-encrypted": "",
      "trap-auth-protocol": "md5",
      "trap-priv-password-encrypted": "",
      "trap-priv-protocol": "",
      "trap-security-level": "auth",
      "trap-username": "public",
      "use-samecredential": "true",
      "write-auth-password-encrypted": "",
      "write-auth-protocol": "md5",
      "write-priv-password-encrypted": "",
      "write-priv-protocol": "",
      "write-security-level": "auth",
      "write-username": "public"
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting SNMP Device
Request

    DELETE /api/v1/configuration/uac/snmpEnforcement/clients/client/ruckus/ HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating SNMP Policy
Request

    POST /api/v1/configuration/uac/snmpEnforcement/snmpPolicies/policy HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "apply-to-roles": "selected",
      "description": "",
      "location-group": "Guest Wired",
      "name": "SNMP policy",
      "roles": [ "Guest Wired Restricted" ],
      "vlan": "65"
    }

Response

    Content-Type: application/json

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting SNMP Policy
Request

    DELETE /api/v1/configuration/uac/snmpEnforcement/snmpPolicies/policy/SNMP%20policy HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating Device Group - TACACS+
Request

    POST /api/v1/configuration/uac/networkDeviceAdministration/groups/group/ HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "admin-realm": "Admin Users",
      "description": "",
      "name": "Device Group"
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting Device Group- TACACS+
Request

    DELETE /api/v1/configuration/uac/networkDeviceAdministration/groups/group/Device%20Group HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating TACACS+ Client
Request

    POST /api/v1/configuration/uac/networkDeviceAdministration/clients/client HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "description": "",
      "deviceGroup": "Device Group",
      "enable": "true",
      "ipAddress": "10.204.88.244",
      "ipAddressRange": "1",
      "name": "TACACS client",
      "shared-secret-encrypted": "3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="
    }

Response

    {
      "result": {
        "warnings": [
          { "message": "The configuration has been implicitly changed" }
        ]
      }
    }
Deleting TACACS+ Client
Request

    DELETE /api/v1/configuration/uac/networkDeviceAdministration/clients/client/TACACS%20client HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating Shell Policies
Request

    POST /api/v1/configuration/uac/networkDeviceAdministration/policies/policy HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "apply-action": "deny",
      "apply-groups": "all",
      "apply-roles": "all",
      "commandSets": {
        "command-set": []
      },
      "defaultPrivilege": "1",
      "description": "",
      "groups": null,
      "maxPrivilege": "1",
      "name": "TACACS policy",
      "roles": null
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting Shell Policies
Request

    DELETE /api/v1/configuration/uac/networkDeviceAdministration/policies/policy/TACACS%20policy HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json

Response

    {
      "result": {
        "warnings": [
          { "message": "The configuration has been implicitly changed" }
        ]
      }
    }
Creating Admission Control Client
Request

    POST /api/v1/configuration/uac/admissionControl/clients/client HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "description": "",
      "enable": "true",
      "ipAddress": "10.204.88.12",
      "name": "FORTINET",
      "templateID": "fortigate-text.itmpl"
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting Admission Control Client
Request

    DELETE /api/v1/configuration/uac/admissionControl/clients/client/FORTINET HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Creating Admission Control Policy
Request

    POST /api/v1/configuration/uac/admissionControl/policies/policy/ HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "action": "ignore",
      "apply": "selected",
      "count": "1",
      "event": "utm:ips",
      "name": "policy1",
      "replacementRole": null,
      "replacementType": "Permanent",
      "roles": null,
      "severity": "critical",
      "templateID": "fortigate-text.itmpl"
    }

Response

    {
      "result": {
        "info": [
          { "message": "Operation succeeded without warning or error!" }
        ]
      }
    }
Deleting Admission Control Policy
Request

    DELETE /api/v1/configuration/uac/admissionControl/policies/policy/policy1 HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

Response

    HTTP/1.1 204 NO CONTENT
    Content-Length: 0
    Content-Type: application/json
Getting Authentication API Key
Request

    GET <PPS-IP Address>/api/v1/auth

Response

    "api_key": "NAIq3DNqOh7aDTsXJbZRUo4b+tILb1vpf5sasdasdfao="

Request

    GET <PPS-IP Address>/api/v1/auth/profiler/auth

Response

    "api_key": "NAIq3DNqOh7aDTsXJbZRUo4b+tILb1vpf5sasdasdfao="
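An added example, not part of the original Ivanti documentation: the sample Authorization value used in the requests above base64-decodes to a key followed by a colon, that is, a Basic credential with an empty password, and object names in DELETE paths are percent-encoded. The sketch below rebuilds both and produces a log record with credentials and secret-bearing fields masked. The helper names, the suffix list and the sample payload are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import quote

# Sample header value copied from the requests on this page.
PAGE_AUTH = "Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06"
# Assumption: keys ending in these suffixes hold secret material, as in
# "password-cleartext" and "shared-secret-encrypted" in the payloads above.
SECRET_SUFFIXES = ("-cleartext", "-encrypted")


def basic_auth_header(api_key):
    """Basic credential with the key as user name and an empty password."""
    return "Basic " + base64.b64encode(f"{api_key}:".encode()).decode()


def item_path(collection, name):
    """Path of a named object; the name is percent-encoded (space -> %20)."""
    return collection.rstrip("/") + "/" + quote(name, safe="")


def redact(value):
    """Copy of a payload with non-empty secret fields masked for logging."""
    if isinstance(value, dict):
        return {k: "<redacted>" if k.endswith(SECRET_SUFFIXES) and v else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def loggable_request(method, path, headers, body=None):
    """One-line audit record that carries no credentials."""
    safe = {k: "<redacted>" if k.lower() == "authorization" else v
            for k, v in headers.items()}
    return json.dumps({"method": method, "path": path, "headers": safe,
                       "body": redact(body)}, sort_keys=True)


if __name__ == "__main__":
    # Constructed payload modelled on the Infranet Enforcer request above.
    body = {"name": "SRX", "junos": {"location-group": "- No 802.1X -",
                                     "password-cleartext": "constructed-secret"}}
    base = "/api/v1/configuration/uac/infranet-enforcer/connections/infranet-enforcer"
    headers = {"Authorization": PAGE_AUTH, "Content-Type": "application/json"}
    print(loggable_request("POST", base, headers, body))
    print(loggable_request("DELETE", item_path(base, "SRX"), headers))
```

Empty secret fields are left as empty strings so the record still shows which credentials were unset.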
Ivanti Policy Secure Alert Based Admission Control APIs
Checking Status of Ivanti Policy Secure Server
Request

    GET <PPS-IP Address>/api/v1/integration/status

Response

    "{\"message\": \"API server is up\"}"
Getting Session Details for Endpoint Based on IP Address
Request

    GET <PPS-IP Address>/api/v1/integration/sessions/<endpoint-IP Address>

Response

    {
      "data": [
        {
          "ip": "10.xxx.xx.xx",
          "macaddr": "00-56-65-bf-0b-cx",
          "switch_ip": "",
          "switch_port": "",
          "username": "user1"
        }
      ]
    }

Note: This sample response is for Juniper SDSN.
Getting Session Details for Endpoint Based on MAC Address
Request

    GET <PPS-IP Address>/api/v1/integration/sessions/<endpoint-MAC Address>

Response

    {
      "data": [
        {
          "macaddr": "00-56-65-bf-0b-cx",
          "switch_ip": "",
          "switch_port": ""
        }
      ]
    }
Sending Alert Event to Ivanti Policy Secure
Request

    PUT /api/v1/integration/sessions

For example, a sample PUT request payload for Juniper SDSN is:

    {"event-name":"block-endpoint", "srcip":"10.xxx.xx.xxx"}

Note: The event names and the field from which the source IP is parsed should be defined in the admission control template.

Response

    HTTP/1.1 204 NO CONTENT
Profiler REST APIs
Approving Devices
Request

    PUT /api/v1/profiler/endpoints/simplified/xx:xx:xx:xx:xx:xx HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "status": "approved"
    }

Response

    HTTP/1.1 200 OK
    Content-Type: application/json

    { "Successfully updated." }
Updating Device Attributes
Request

    PUT /api/v1/profiler/endpoints/simplified/xx:xx:xx:xx:xx:xx HTTP/1.1
    Host: xx.xx.xx.xx
    Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
    Content-Type: application/json

    {
      "manufacturer": "Windows",
      "os": "Windows"
    }

Response

    HTTP/1.1 200 OK
    Content-Type: application/json

    { "Successfully updated." }
Adding details in Profiler Database
API to add endpoint details in Profiler DB
Request

    POST /api/v1/profiler/endpoints
    Content-Type: application/json

    {
      "manufacturer": "Windows",
      "os": "Windows"
    }

Response

    HTTP/1.1 201 CREATED
    Content-Type: application/json

    { "Successfully created." }
Removing details in Profiler Database
API to delete endpoint details in Profiler DB
Request

    Method: DELETE

Response

    HTTP/1.1 200 OK

    {
      "success": "1",
      "error": []
    }
API to delete multiple endpoints in Profiler DB
Request

    Method: DELETE

Response

    HTTP/1.1 200 OK

    {
      "success": "2",
      "error": []
    }