Cisco ISE DataConnector

This project provides a python wrapper for interacting with the ISE database using the Data Connect feature

Requirements

1. Ensure your ISE deployment is greater than 3.2, and you have appropriate licensing
2. Enable the Data Connect feature, see Enable Data Connect
3. Follow the appropriate process for obtaining required certificates
   1. For ISE 3.2, see Export Data Connect Certificate
   2. For ISE 3.3, see Using Admin Certificate with Data Connect
4. Add the Data Connect Certificate to local Trust Store keytool -import -alias <Name> -file <Data Connect certificate file path and name> -storetype JKS -keystore <trust store name>
5. Install appropriate JDBC Runtime JAR, OJDBC11
6. Install all required dependencies pip install -r requirements.txt
7. Update config.yaml file with the following
   1. Hostname of ISE
   2. Data Connect Password
   3. Projects Log File Directory
   4. Path to JAR file
   5. Path to Trust Store
   6. Trust Store Password

Config.yaml example:

ise:
  hostname: 'ISE-Hostname'
  port: 2484
  dataconnect_password: 'dataconnect-password'
  log_path: '/Absolute/File/Path'
  jar_file_path: '/Absolute/JRE/Path'
  trust_store_path: '/Absolute/Trust_Store/Path'
  trust_store_password: 'trust-store-password'

Usage

Use by creating importing the package and creating an ISEDB object

from data_connect import ISEDB
ise = ISEDB('config.yaml')

Upon initialization the ISE DB schema will be generated

The ISE object natively provides methods for pulling data from all data connect views

For example calling the get_endpoints_data() returns:

Additionally, the query_db() method allows for any SQL query to be run against the ISE DB such as:

SELECT ENDPOINT_POLICY, MAC_ADDRESS FROM ENDPOINTS_DATA WHERE ENDPOINT_IP = '192.168.200.50'

Will return the following:

Example

import pprint
import json
from data_connect import ISEDB

ise = ISEDB('config.yaml')
endpoints = ise.get_endpoints_data()
pprint.pprint(json.dumps(endpoints))

Output